{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-10T19:48:26.388","vulnerabilities":[{"cve":{"id":"CVE-2024-21500","sourceIdentifier":"report@snyk.io","published":"2024-02-17T05:15:10.697","lastModified":"2025-04-03T16:12:19.953","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Restriction of Excessive Authentication Attempts via the two-factor authentication (2FA). Although the application blocks the user after several failed attempts to provide 2FA codes, attackers can bypass this blocking mechanism by automating the application’s full multistep 2FA process."},{"lang":"es","value":"Todas las versiones del paquete github.com/greenpau/caddy-security son vulnerables a una restricción inadecuada de intentos de autenticación excesivos a través de la autenticación de dos factores (2FA). Aunque la aplicación bloquea al usuario después de varios intentos fallidos de proporcionar códigos 2FA, los atacantes pueden evitar este mecanismo de bloqueo automatizando todo el proceso 2FA de varios pasos de la aplicación."}],"metrics":{"cvssMetricV31":[{"source":"report@snyk.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}]},"weaknesses":[{"source":"report@snyk.io","type":"Secondary","description":[{"lang":"en","value":"CWE-307"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-307"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:authcrunch:caddy-security:*:*:*:*:*:*:*:*","matchCriteriaId":"F0C3455A-9011-4B84-9084-C48F4545BAAB"}]}]}],"references":[{"url":"https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/","source":"report@snyk.io","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/greenpau/caddy-security/issues/271","source":"report@snyk.io","tags":["Issue Tracking"]},{"url":"https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249864","source":"report@snyk.io","tags":["Third Party Advisory"]},{"url":"https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/greenpau/caddy-security/issues/271","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249864","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}