Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Caddy Web Server Authentication Bypass by Spoofing Vulnerability - CVE-2023-50463 - Vulnerability Database
Caddy Web Server

Caddy Web Server Authentication Bypass by Spoofing Vulnerability - CVE-2023-50463

Medium
Reference: CVE-2023-50463
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2023-50463
Title: Caddy Web Server Authentication Bypass by Spoofing Vulnerability
Overview:

The caddy-geo-ip (aka GeoIP) middleware through 0.6.0 for Caddy 2 when trust_header X-Forwarded-For is used allows attackers to spoof their source IP address via an X-Forwarded-For header which may bypass a protection mechanism (trusted_proxy directive in reverse_proxy or IP address range restrictions).