Critical severityNVD Advisory· Published Jun 15, 2020· Updated Aug 5, 2024
CVE-2018-21246
CVE-2018-21246
Description
Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/caddyserver/caddyGo | < 0.10.13 | 0.10.13 |
Affected products
2- Caddy/Caddydescription
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-gr7w-x2jp-3xgwghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-21246ghsaADVISORY
- bugs.gentoo.org/715214ghsax_refsource_MISCWEB
- github.com/caddyserver/caddy/commit/4d9ee000c8d2cbcdd8284007c1e0f2da7bc3c7c3ghsaWEB
- github.com/caddyserver/caddy/pull/2099ghsaWEB
- github.com/caddyserver/caddy/releases/tag/v0.10.13ghsax_refsource_MISCWEB
- pkg.go.dev/vuln/GO-2020-0043ghsaWEB
News mentions
0No linked articles in our index yet.