Authentication Bypass by Spoofing in github.com/greenpau/caddy-security
Moderate severity
GitHub Reviewed
Published
Feb 17, 2024
to the GitHub Advisory Database
•
Updated Feb 20, 2024
Package
Affected versions
<= 1.1.23
Patched versions
None
Description
Published by the National Vulnerability Database
Feb 17, 2024
Published to the GitHub Advisory Database
Feb 17, 2024
Reviewed
Feb 20, 2024
Last updated
Feb 20, 2024
All versions of the package github.com/greenpau/caddy-security are vulnerable to Authentication Bypass by Spoofing via the X-Forwarded-For header due to improper input sanitization. An attacker can spoof an IP address used in the user identity module (/whoami API endpoint). This could lead to unauthorized access if the system trusts this spoofed IP address.
References