logo

Database

Uncontrolled external site redirect In github.com/greenpau/caddy-security

Description

Open Redirect in github.com/greenpau/caddy-security All versions of the package github.com/greenpau/caddy-security are vulnerable to Open Redirect via the redirect_url parameter. An attacker could perform a phishing attack and trick users into visiting a malicious website by crafting a convincing URL with this parameter. To exploit this vulnerability, the user must take an action, such as clicking on a portal button or using the browser’s back button, to trigger the redirection.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2024-214972. NVD-2024-214973. OSV-2024-214974. GCVE-2024-21497

References

1. https://github.com/greenpau/caddy-security/issues/2682. https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.