github.com/greenpau/caddy-security
Go | 10 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/greenpau/caddy-security
- CVE-2023-52430 | MEDIUM | CVSS 6.1 | EG 6.1 | 2024-02-12
The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via a GET request to a URL that contains an XSS payload and begins with either a /admin or /settings/mfa/delete/ substring.
- CVE-2024-21492 | MEDIUM | CVSS 4.8 | EG 4.8 | 2024-02-17
All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon clicking the "Sign Out" button. User sessions remain valid even after requests …
- CVE-2024-21493 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-02-17
All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Validation of Array Index when parsing a Caddyfile. Multiple parsing functions in the affected library do not validate whether their input values are…
- CVE-2024-21494 | MEDIUM | CVSS 5.4 | EG 5.4 | 2024-02-17
All versions of the package github.com/greenpau/caddy-security are vulnerable to Authentication Bypass by Spoofing via the X-Forwarded-For header due to improper input sanitization. An attacker can spoof an IP address used in the user iden…
- CVE-2024-21495 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-02-17
Versions of the package github.com/greenpau/caddy-security before 1.0.42 are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predicted via a brute-force search. Attackers …
- CVE-2024-21496 | MEDIUM | CVSS 6.1 | EG 6.1 | 2024-02-17
All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting (XSS) via the Referer header, due to improper input sanitization. Although the Referer header is sanitized by escaping some characters th…
- CVE-2024-21497 | MEDIUM | CVSS 5.4 | EG 5.4 | 2024-02-17
Versions of the package github.com/greenpau/caddy-security are vulnerable to Open Redirect via the redirect_url parameter. An attacker could perform a phishing attack and trick users into visiting a malicious website by crafting a convinc…
- CVE-2024-21498 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-02-17
All versions of the package github.com/greenpau/caddy-security are vulnerable to Server-side Request Forgery (SSRF) via X-Forwarded-Host header manipulation. An attacker can expose sensitive information, interact with internal services, or…
- CVE-2024-21499 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-02-17
All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due to redirecting to the injected protocol. Exploiting this vulnerability could lead to bypass of secur…
- CVE-2024-21500 | MEDIUM | CVSS 4.8 | EG 4.8 | 2024-02-17
All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Restriction of Excessive Authentication Attempts via the two-factor authentication (2FA). Although the application blocks the user after several fail…