CVE-2024-21494

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Feb 17, 2024

Updated: Feb 20, 2024

CWE ID 290

Summary

CVE-2024-21494 is a vulnerability affecting all versions of the package github.com/greenpau/caddy-security. This issue involves authentication bypass through spoofing of the X-Forwarded-For header. The vulnerability arises from inadequate input sanitization in the user identity module, specifically the /whoami API endpoint. An attacker can manipulate this header to impersonate a trusted IP address, potentially gaining unauthorized access to the system.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/ujPUVY
https://www.cve.org/CVERecord?id=CVE-2024-21494
https://nvd.nist.gov/vuln/detail/CVE-2024-21494

Back to Vulnerability Database

CVE-2024-21494

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations