Vulnerability CVE-2023-50463


Published: 2023-12-10   Modified: 2023-12-14

Description:
The caddy-geo-ip (aka GeoIP) middleware through 0.6.0 for Caddy 2, when trust_header X-Forwarded-For is used, allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism (trusted_proxy directive in reverse_proxy or IP address range restrictions).

Type:

CWE-290

(Authentication Bypass by Spoofing)

Affected software
Caddyserver -> Caddy 

 References:
https://github.com/shift72/caddy-geo-ip/issues/4
https://github.com/shift72/caddy-geo-ip/tags
https://caddyserver.com/v2

Copyright 2024, cxsecurity.com

 

Back to Top