Количество 4
Количество 4
CVE-2026-30851
Caddy is an extensible server platform that uses TLS by default. From version 2.10.0 to before version 2.11.2, forward_auth copy_headers does not strip client-supplied headers, allowing identity injection and privilege escalation. This issue has been patched in version 2.11.2.
CVE-2026-30851
Caddy is an extensible server platform that uses TLS by default. From version 2.10.0 to before version 2.11.2, forward_auth copy_headers does not strip client-supplied headers, allowing identity injection and privilege escalation. This issue has been patched in version 2.11.2.
CVE-2026-30851
Caddy is an extensible server platform that uses TLS by default. From ...
GHSA-7r4p-vjf4-gxv4
Caddy forward_auth copy_headers Does Not Strip Client-Supplied Headers, Allowing Identity Injection and Privilege Escalation
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-30851 Caddy is an extensible server platform that uses TLS by default. From version 2.10.0 to before version 2.11.2, forward_auth copy_headers does not strip client-supplied headers, allowing identity injection and privilege escalation. This issue has been patched in version 2.11.2. | CVSS3: 8.1 | 0% Низкий | 23 дня назад |
 | CVE-2026-30851 Caddy is an extensible server platform that uses TLS by default. From version 2.10.0 to before version 2.11.2, forward_auth copy_headers does not strip client-supplied headers, allowing identity injection and privilege escalation. This issue has been patched in version 2.11.2. | CVSS3: 8.1 | 0% Низкий | 23 дня назад |
| CVE-2026-30851 Caddy is an extensible server platform that uses TLS by default. From ... | CVSS3: 8.1 | 0% Низкий | 23 дня назад |
| GHSA-7r4p-vjf4-gxv4 Caddy forward_auth copy_headers Does Not Strip Client-Supplied Headers, Allowing Identity Injection and Privilege Escalation | CVSS3: 8.1 | 0% Низкий | 23 дня назад |
Уязвимостей на страницу