CVE-2024-21498

2024-02-1705:00:05

snyk

github.com

vulnerability

ssrf

x-forwarded-host manipulation

github.com/greenpau/caddy-security

network

exploitation

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P

AI Score

5.6

Confidence

High

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

All versions of the package github.com/greenpau/caddy-security are vulnerable to Server-side Request Forgery (SSRF) via X-Forwarded-Host header manipulation. An attacker can expose sensitive information, interact with internal services, or exploit other vulnerabilities within the network by exploiting this vulnerability.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:authcrunch:caddy_security:*:*:*:*:*:*:*:*"
    ],
    "vendor": "authcrunch",
    "product": "caddy_security",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "*",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unknown"
  }
]