CVE-2018-21246: Improper Authentication

October 6, 2022

Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode.

References

bugs.gentoo.org/715214
github.com/advisories/GHSA-gr7w-x2jp-3xgw
github.com/caddyserver/caddy/commit/4d9ee000c8d2cbcdd8284007c1e0f2da7bc3c7c3
github.com/caddyserver/caddy/releases/tag/v0.10.13
nvd.nist.gov/vuln/detail/CVE-2018-21246

Code Behaviors & Features

Detect and mitigate CVE-2018-21246 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →