Описание
Caddy is an extensible server platform that uses TLS by default. From version 2.10.0 to before version 2.11.2, forward_auth copy_headers does not strip client-supplied headers, allowing identity injection and privilege escalation. This issue has been patched in version 2.11.2.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | needs-triage | |
| esm-apps/noble | needs-triage | |
| jammy | DNE | |
| noble | needs-triage | |
| questing | needs-triage | |
| upstream | not-affected | debian: Vulnerable code introduced later |
Показывать по
8.1 High
CVSS3
Связанные уязвимости
Caddy is an extensible server platform that uses TLS by default. From version 2.10.0 to before version 2.11.2, forward_auth copy_headers does not strip client-supplied headers, allowing identity injection and privilege escalation. This issue has been patched in version 2.11.2.
Caddy is an extensible server platform that uses TLS by default. From ...
Caddy forward_auth copy_headers Does Not Strip Client-Supplied Headers, Allowing Identity Injection and Privilege Escalation
8.1 High
CVSS3