CVE-2024-21497

Name of the Vulnerable Software and Affected Versions github.com/greenpau/caddy-security versions all

Description The issue allows for Open Redirect via the redirect url parameter. An attacker could perform a phishing attack, tricking users into visiting a malicious website by crafting a convincing URL with this parameter. To exploit this, the user must take an action, such as clicking on a portal button or using the browser’s back button, to trigger the redirection.

Recommendations For all versions, as a temporary workaround, consider restricting the use of the redirect url parameter until a patch is available. Avoid using the redirect url parameter in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.