CVE-2024-21494

MEDIUM Year: 2024
CVSS v3 Score
5.4
Medium
Weakness Type
CWE-290
View all →

Vulnerability Description

All versions of the package github.com/greenpau/caddy-security are vulnerable to Authentication Bypass by Spoofing via the X-Forwarded-For header due to improper input sanitization. An attacker can spoof an IP address used in the user identity module (/whoami API endpoint). This could lead to unauthorized access if the system trusts this spoofed IP address.

Related Vulnerabilities

CVE-2018-8153

MEDIUM
CVSS:5.4(Medium)

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Spoofing Vulnerability." This affects Microsof...

CWE-2902018

CVE-2020-1331

MEDIUM
CVSS:5.4(Medium)

A spoofing vulnerability exists when System Center Operations Manager (SCOM) does not properly sanitize a specially crafted web request to an affected SCOM instance, aka 'System Center Operations Mana...

CWE-2902020

CVE-2021-41130

MEDIUM
CVSS:5.4(Medium)

Extensible Service Proxy, a.k.a. ESP is a proxy which enables API management capabilities for JSON/REST or gRPC API services. ESPv1 can be configured to authenticate a JWT token. Its verified JWT clai...

CWE-2902021

CVE-2023-27964

MEDIUM
CVSS:5.4(Medium)

An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 5E133. When your headphones are seeking a connection request to one of your previou...

CWE-2902023

CVE-2024-55232

MEDIUM
CVSS:5.4(Medium)

An IDOR vulnerability in the manage-notes.php module in PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to delete notes belonging to other accounts due to missing auth...

CWE-2902024