Caddy Web Server Authentication Bypass by Spoofing Vulnerability - CVE-2023-50463 - Vulnerability Database

Caddy Web Server Authentication Bypass by Spoofing Vulnerability - CVE-2023-50463

Medium
Reference: CVE-2023-50463
Title: Caddy Web Server Authentication Bypass by Spoofing Vulnerability
Overview:

The caddy-geo-ip (aka GeoIP) middleware through 0.6.0 for Caddy 2 when trust_header X-Forwarded-For is used allows attackers to spoof their source IP address via an X-Forwarded-For header which may bypass a protection mechanism (trusted_proxy directive in reverse_proxy or IP address range restrictions).