authcrunch 漏洞與 CVE 列表(5)

產品(CPE): — CVE 數: 5

authcrunch 漏洞概覽

彙總 authcrunch 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。

常見弱點模式包括 跨站腳本與SSRF,在 軟體部署與生產負載 使用場景中可能帶來 工作階段劫持 等風險。

相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。

漏洞分布趨勢(近 24 個月)

顯示 155 CVE 數
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
CVE 摘要 來源 最高 CVSS EPSS % 公開時間 更新時間
CVE-2024-21500 All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Restriction of Excessive Authentication Attempts via the two-factor authentication (2FA). Although the application blocks the user after several failed attempts to provide 2FA codes, attackers can bypass this blocking mechanism by automating the application’s full multistep 2FA process. [email protected] 4.8 0.53% 2024-02-17 2026-06-17
CVE-2024-21498 All versions of the package github.com/greenpau/caddy-security are vulnerable to Server-side Request Forgery (SSRF) via X-Forwarded-Host header manipulation. An attacker can expose sensitive information, interact with internal services, or exploit other vulnerabilities within the network by exploiting this vulnerability. [email protected] 5.3 0.55% 2024-02-17 2026-06-17
CVE-2024-21496 All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting (XSS) via the Referer header, due to improper input sanitization. Although the Referer header is sanitized by escaping some characters that can allow XSS (e.g., [&], [<], [>], ["], [']), it does not account for the attack based on the JavaScript URL scheme (e.g., javascript:alert(document.domain)// payload). Exploiting this vulnerability may not be trivial, but it could lead to the execution of [email protected] 6.1 0.58% 2024-02-17 2026-06-17
CVE-2024-21492 All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon clicking the "Sign Out" button. User sessions remain valid even after requests are sent to /logout and /oauth2/google/logout. Attackers who gain access to an active but supposedly logged-out session can perform unauthorized actions on behalf of the user. [email protected] 4.8 0.71% 2024-02-17 2026-06-17
CVE-2023-52430 The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via a GET request to a URL that contains an XSS payload and begins with either a /admin or /settings/mfa/delete/ substring. [email protected] 6.1 0.37% 2024-02-12 2026-06-17
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
cvelogic Threat Intelligence