-
Notifications
You must be signed in to change notification settings - Fork 61
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/vulndb: potential Go vuln in github.com/greenpau/caddy-security: CVE-2024-21492 #2557
Labels
excluded: EFFECTIVELY_PRIVATE
This vulnerability exists in a package can be imported, but isn't meant to be outside that module.
Comments
tatianab
changed the title
x/vulndb: potential Go vuln in Path is unknown: CVE-2024-21492
x/vulndb: potential Go vuln in github.com/greenpau/caddy-security: CVE-2024-21492
Feb 28, 2024
neild
added
the
excluded: EFFECTIVELY_PRIVATE
This vulnerability exists in a package can be imported, but isn't meant to be outside that module.
label
Feb 29, 2024
Change https://go.dev/cl/568036 mentions this issue: |
Change https://go.dev/cl/592778 mentions this issue: |
gopherbot
pushed a commit
that referenced
this issue
Jun 28, 2024
- data/reports/GO-2024-2521.yaml - data/reports/GO-2024-2434.yaml - data/reports/GO-2024-2537.yaml - data/reports/GO-2024-2432.yaml - data/reports/GO-2024-2483.yaml - data/reports/GO-2024-2480.yaml - data/reports/GO-2024-2433.yaml - data/reports/GO-2024-2530.yaml - data/reports/GO-2024-2556.yaml - data/reports/GO-2024-2472.yaml - data/reports/GO-2024-2540.yaml - data/reports/GO-2024-2560.yaml - data/reports/GO-2024-2561.yaml - data/reports/GO-2024-2590.yaml - data/reports/GO-2024-2428.yaml - data/reports/GO-2024-2508.yaml - data/reports/GO-2024-2592.yaml - data/reports/GO-2024-2511.yaml - data/reports/GO-2024-2491.yaml - data/reports/GO-2024-2479.yaml - data/reports/GO-2024-2509.yaml - data/reports/GO-2024-2589.yaml - data/reports/GO-2024-2496.yaml - data/reports/GO-2024-2505.yaml - data/reports/GO-2024-2558.yaml - data/reports/GO-2024-2430.yaml - data/reports/GO-2024-2594.yaml - data/reports/GO-2024-2431.yaml - data/reports/GO-2024-2488.yaml - data/reports/GO-2024-2495.yaml - data/reports/GO-2024-2557.yaml - data/reports/GO-2024-2442.yaml - data/reports/GO-2024-2593.yaml - data/reports/GO-2024-2512.yaml - data/reports/GO-2024-2528.yaml - data/reports/GO-2024-2529.yaml - data/reports/GO-2024-2588.yaml - data/reports/GO-2024-2562.yaml - data/reports/GO-2024-2441.yaml - data/reports/GO-2024-2591.yaml - data/reports/GO-2024-2477.yaml - data/reports/GO-2024-2448.yaml - data/reports/GO-2024-2510.yaml - data/reports/GO-2024-2564.yaml - data/reports/GO-2024-2476.yaml - data/reports/GO-2024-2527.yaml - data/reports/GO-2024-2481.yaml - data/reports/GO-2024-2445.yaml - data/reports/GO-2024-2457.yaml - data/reports/GO-2024-2446.yaml - data/reports/GO-2024-2447.yaml - data/reports/GO-2024-2501.yaml - data/reports/GO-2024-2440.yaml - data/reports/GO-2024-2500.yaml - data/reports/GO-2024-2444.yaml - data/reports/GO-2024-2550.yaml - data/reports/GO-2024-2523.yaml - data/reports/GO-2024-2516.yaml - data/reports/GO-2024-2531.yaml - data/reports/GO-2024-2595.yaml - data/reports/GO-2024-2520.yaml - data/reports/GO-2024-2582.yaml - data/reports/GO-2024-2485.yaml - data/reports/GO-2024-2541.yaml - data/reports/GO-2024-2563.yaml - data/reports/GO-2024-2532.yaml - data/reports/GO-2024-2450.yaml - data/reports/GO-2024-2515.yaml - data/reports/GO-2024-2499.yaml - data/reports/GO-2024-2514.yaml - data/reports/GO-2024-2535.yaml - data/reports/GO-2024-2458.yaml - data/reports/GO-2024-2449.yaml - data/reports/GO-2024-2549.yaml - data/reports/GO-2024-2517.yaml - data/reports/GO-2024-2478.yaml - data/reports/GO-2024-2559.yaml - data/reports/GO-2024-2486.yaml - data/reports/GO-2024-2513.yaml - data/reports/GO-2024-2565.yaml Updates #2521 Updates #2434 Updates #2537 Updates #2432 Updates #2483 Updates #2480 Updates #2433 Updates #2530 Updates #2556 Updates #2472 Updates #2540 Updates #2560 Updates #2561 Updates #2590 Updates #2428 Updates #2508 Updates #2592 Updates #2511 Updates #2491 Updates #2479 Updates #2509 Updates #2589 Updates #2496 Updates #2505 Updates #2558 Updates #2430 Updates #2594 Updates #2431 Updates #2488 Updates #2495 Updates #2557 Updates #2442 Updates #2593 Updates #2512 Updates #2528 Updates #2529 Updates #2588 Updates #2562 Updates #2441 Updates #2591 Updates #2477 Updates #2448 Updates #2510 Updates #2564 Updates #2476 Updates #2527 Updates #2481 Updates #2445 Updates #2457 Updates #2446 Updates #2447 Updates #2501 Updates #2440 Updates #2500 Updates #2444 Updates #2550 Updates #2523 Updates #2516 Updates #2531 Updates #2595 Updates #2520 Updates #2582 Updates #2485 Updates #2541 Updates #2563 Updates #2532 Updates #2450 Updates #2515 Updates #2499 Updates #2514 Updates #2535 Updates #2458 Updates #2449 Updates #2549 Updates #2517 Updates #2478 Updates #2559 Updates #2486 Updates #2513 Updates #2565 Change-Id: I9920757c40e457cb5d033ef0e0a99deb6a5c29b5 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/592778 LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Damien Neil <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
excluded: EFFECTIVELY_PRIVATE
This vulnerability exists in a package can be imported, but isn't meant to be outside that module.
CVE-2024-21492 references [Path is unknown](https://Path is unknown), which may be a Go module.
Description:
All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon clicking the "Sign Out" button. User sessions remain valid even after requests are sent to /logout and /oauth2/google/logout. Attackers who gain access to an active but supposedly logged-out session can perform unauthorized actions on behalf of the user.
References:
Cross references:
No existing reports found with this module or alias.
See doc/triage.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: