CVE-2024-21497

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-21497
Versions of the package github.com/greenpau/caddy-security are vulnerable to Open Redirect via the redirect_url parameter. An attacker could perform a phishing attack and trick users into visiting a malicious website by crafting a convincing URL with this parameter. To exploit this vulnerability, the user must take an action, such as clicking on a portal button or using the browser’s back button, to trigger the redirection.

5.4 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/ Mitigation Third Party Advisory
https://github.com/greenpau/caddy-security/issues/268 Issue Tracking
https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249861 Third Party Advisory
https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/ Mitigation Third Party Advisory
https://github.com/greenpau/caddy-security/issues/268 Issue Tracking
https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249861 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:greenpau:caddy-security:*:*:*:*:*:*:*:*
History

03 Mar 2026, 17:16

Type Values Removed Values Added
Summary (en) All versions of the package github.com/greenpau/caddy-security are vulnerable to Open Redirect via the redirect_url parameter. An attacker could perform a phishing attack and trick users into visiting a malicious website by crafting a convincing URL with this parameter. To exploit this vulnerability, the user must take an action, such as clicking on a portal button or using the browser’s back button, to trigger the redirection. (en) Versions of the package github.com/greenpau/caddy-security are vulnerable to Open Redirect via the redirect_url parameter. An attacker could perform a phishing attack and trick users into visiting a malicious website by crafting a convincing URL with this parameter. To exploit this vulnerability, the user must take an action, such as clicking on a portal button or using the browser’s back button, to trigger the redirection.
First Time Greenpau caddy-security
Greenpau
References () https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/ - () https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/ - Mitigation, Third Party Advisory
References () https://github.com/greenpau/caddy-security/issues/268 - () https://github.com/greenpau/caddy-security/issues/268 - Issue Tracking
References () https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249861 - () https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249861 - Third Party Advisory
CPE cpe:2.3:a:greenpau:caddy-security:*:*:*:*:*:*:*:*

21 Nov 2024, 08:54

Type Values Removed Values Added
References () https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/ - () https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/ -
References () https://github.com/greenpau/caddy-security/issues/268 - () https://github.com/greenpau/caddy-security/issues/268 -
References () https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249861 - () https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249861 -

17 Feb 2024, 05:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-02-17 05:15

Updated : 2026-03-03 17:16

NVD link : CVE-2024-21497

Mitre link : CVE-2024-21497

CVE.ORG link : CVE-2024-21497

JSON object : View

Products Affected

greenpau

  • caddy-security
CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')