Authcrunch

Caddy-security

5 vulnerabilities found.

Note: This list may be incomplete. Data is provided as-is, without warranty, in its original format.
Exploit
  • EPSS 0.16%
  • Published 17.02.2024 05:15:10
  • Last modified 23.12.2025 20:08:07

All versions of the package github.com/greenpau/caddy-security are vulnerable to Server-side Request Forgery (SSRF) via X-Forwarded-Host header manipulation. An attacker can expose sensitive information, interact with internal services, or exploit ot...
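The finding above is about an application that takes X-Forwarded-Host at face value when it builds absolute URLs. The following is an added illustration, not code from caddy-security or Caddy: a Go snippet showing the unsafe pattern next to a hardened variant that only honours the header when it matches a configured hostname. The `allowedHosts` table, the `/portal` redirect path and the sample request values are assumptions constructed for the example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// Assumed deployment config: the hostnames this instance may use when it
// generates absolute URLs (redirect targets, callback URLs, links in mail).
var allowedHosts = map[string]bool{
	"auth.example.com": true,
	"localhost:8443":   true,
}

// unsafeBaseURL trusts X-Forwarded-Host blindly: whatever the client sends
// becomes the host of every URL the application generates. This is the
// pattern that turns a client-controlled header into SSRF / open redirect.
func unsafeBaseURL(r *http.Request) string {
	host := r.Header.Get("X-Forwarded-Host")
	if host == "" {
		host = r.Host
	}
	return "https://" + host
}

// safeBaseURL only honours X-Forwarded-Host (or Host) when the value is one
// of the configured hostnames. The header is still useful behind a trusted
// reverse proxy, but it can never point at an arbitrary host.
func safeBaseURL(r *http.Request) (string, error) {
	candidates := []string{r.Header.Get("X-Forwarded-Host"), r.Host}
	for _, c := range candidates {
		c = strings.ToLower(strings.TrimSpace(c))
		if c == "" {
			continue
		}
		// Some proxies append a comma-separated chain; take the first entry.
		if i := strings.IndexByte(c, ','); i >= 0 {
			c = strings.TrimSpace(c[:i])
		}
		if allowedHosts[c] {
			return "https://" + c, nil
		}
	}
	return "", fmt.Errorf("no trusted host in request")
}

// redirectTarget builds a post-login redirect the way a portal might,
// appending a fixed path to the base URL.
func redirectTarget(base string) (string, error) {
	u, err := url.Parse(base)
	if err != nil {
		return "", err
	}
	u.Path = "/portal"
	return u.String(), nil
}

// newRequest constructs a sample request with the given Host and
// X-Forwarded-Host values (test input, not captured traffic).
func newRequest(host, forwardedHost string) *http.Request {
	r := httptest.NewRequest(http.MethodGet, "/login", nil)
	r.Host = host
	if forwardedHost != "" {
		r.Header.Set("X-Forwarded-Host", forwardedHost)
	}
	return r
}

func main() {
	// Attacker supplies X-Forwarded-Host pointing at an internal address.
	attacker := newRequest("auth.example.com", "169.254.169.254")
	fmt.Println("unsafe base:", unsafeBaseURL(attacker))
	base, err := safeBaseURL(attacker)
	fmt.Println("safe base:", base, "err:", err)
	target, _ := redirectTarget(base)
	fmt.Println("redirect:", target)
}
```

The allowlist is the important part: a proxy that sets X-Forwarded-Host is only trustworthy if the application also refuses values the proxy would never legitimately send, since the header reaches the backend from any client that is not behind that proxy.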

Exploit
  • EPSS 0.05%
  • Published 17.02.2024 05:15:10
  • Last modified 03.04.2025 16:12:19

All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Restriction of Excessive Authentication Attempts via the two-factor authentication (2FA). Although the application blocks the user after several failed attempts...

Exploit
  • EPSS 0.14%
  • Published 17.02.2024 05:15:09
  • Last modified 23.12.2025 20:09:22

All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting (XSS) via the Referer header, due to improper input sanitization. Although the Referer header is sanitized by escaping some characters that can allo...

Media report, Exploit
  • EPSS 0.55%
  • Published 17.02.2024 05:15:08
  • Last modified 23.12.2025 20:15:15

All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon clicking the "Sign Out" button. User sessions remain valid even after requests are sent to...
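The finding above is the classic "sign out only clears the cookie" failure. The following is an added illustration, not code from caddy-security: a small in-memory session store in Go with a client-only sign-out next to a server-side one, plus a check that replays the token after sign-out to tell the two apart. The store, the cookie name `session` and the user names are assumptions constructed for the example; a deployment that issues stateless tokens needs a server-side revocation list consulted on every request to get the same effect.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"net/http"
	"sync"
	"time"
)

var errUnauthenticated = errors.New("unauthenticated")

type session struct {
	user    string
	expires time.Time
}

// store is an assumed server-side session table, consulted on every request.
type store struct {
	mu       sync.Mutex
	sessions map[string]session
}

func newStore() *store { return &store{sessions: map[string]session{}} }

func newToken() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b), nil
}

func (s *store) signIn(user string, ttl time.Duration, now time.Time) (string, error) {
	tok, err := newToken()
	if err != nil {
		return "", err
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	s.sessions[tok] = session{user: user, expires: now.Add(ttl)}
	return tok, nil
}

// authenticate resolves a token to a user, enforcing expiry.
func (s *store) authenticate(tok string, now time.Time) (string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	sess, ok := s.sessions[tok]
	if !ok || !now.Before(sess.expires) {
		delete(s.sessions, tok)
		return "", errUnauthenticated
	}
	return sess.user, nil
}

// clearedCookie tells the browser to drop the (assumed) session cookie.
func clearedCookie() *http.Cookie {
	return &http.Cookie{Name: "session", Value: "", MaxAge: -1, Path: "/", HttpOnly: true}
}

// signOutClientOnly is the weak pattern: the browser forgets the cookie but
// the server-side record stays valid, so a captured token keeps working
// until its TTL elapses.
func (s *store) signOutClientOnly(_ string) *http.Cookie {
	return clearedCookie()
}

// signOut is the fix: revoke server-side, then clear the cookie.
func (s *store) signOut(tok string) *http.Cookie {
	s.mu.Lock()
	delete(s.sessions, tok)
	s.mu.Unlock()
	return clearedCookie()
}

// survivesSignOut signs in, signs out with the given implementation and
// replays the token; true means the session was not really invalidated.
func survivesSignOut(s *store, signOut func(string) *http.Cookie) (bool, error) {
	now := time.Now()
	tok, err := s.signIn("alice", time.Hour, now)
	if err != nil {
		return false, err
	}
	signOut(tok)
	_, err = s.authenticate(tok, now.Add(time.Minute))
	return err == nil, nil
}

func main() {
	s := newStore()
	weak, _ := survivesSignOut(s, s.signOutClientOnly)
	fixed, _ := survivesSignOut(s, s.signOut)
	fmt.Println("survives client-only sign-out:", weak)
	fmt.Println("survives server-side sign-out:", fixed)
}
```

The replay check is the same test a pentester runs by hand: capture the session cookie, click "Sign Out", then resend an authenticated request with the captured value. If it still succeeds, the sign-out is cosmetic.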

  • EPSS 1.54%
  • Published 12.02.2024 23:15:08
  • Last modified 06.05.2025 19:15:59

The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via a GET request to a URL that contains an XSS payload and begins with either a /admin or a /settings/mfa/delete/ substring.