CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

CVE-2024-21494
https://notcve.org/view.php?id=CVE-2024-21494
17 Feb 2024 — All versions of the package github.com/greenpau/caddy-security are vulnerable to Authentication Bypass by Spoofing via the X-Forwarded-For header due to improper input sanitization. An attacker can spoof an IP address used in the user identity module (/whoami API endpoint). This could lead to unauthorized access if the system trusts this spoofed IP address. • https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy • CWE-290: Authentication Bypass by Spoofing