Caddy is an extensible server platform that uses TLS by default. From 2.4.0 until 2.11.3, the authorization layer and the /config traversal layer do not agree on what object the path refers to. In this case, a path authorized for one config object is accepted, but then resolves to a different config object during traversal. This happens because the authorization layer uses string prefix matching and the /config traversal layer parses array indices numerically using strconv.Atoi(). This vulnerability is fixed in 2.11.3.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NCaddyserver Caddy
APPCaddyserver2.4.0 β 2.11.3 (bez)
Related vulnerabilities
Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused ...
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can ...
Caddy is an extensible server platform that uses TLS by default. From 2.7.0 until 2.11.3, the FastCGI transpor...
Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, on Windows, Caddy path match...
Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, forward_auth copy_headers de...