CVE-2024-21494
- Severity Score
- Exploit Likelihood
- Affected Versions
- Public Exploits: 0
- Exploited in Wild: -
- Decision
Description
All versions of the package github.com/greenpau/caddy-security are vulnerable to Authentication Bypass by Spoofing via the X-Forwarded-For header due to improper input sanitization. An attacker can spoof an IP address used in the user identity module (/whoami API endpoint). This could lead to unauthorized access if the system trusts this spoofed IP address.
CVSS Scores
SSVC
- Decision: Track*
Timeline
- 2023-12-22 CVE Reserved
- 2024-02-17 CVE Published
- 2024-08-01 CVE Updated
- 2025-03-30 EPSS Updated
- (no date) Exploited in Wild
- (no date) KEV Due Date
- (no date) First Exploit
CWE
- CWE-290: Authentication Bypass by Spoofing
CAPEC
References (3)
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Github.com/greenpau/caddy-security | Github.com/greenpau/caddy-security | * | - | Affected