Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode.
{ "nvd_published_at": null, "github_reviewed_at": "2022-10-06T22:58:56Z", "severity": "CRITICAL", "github_reviewed": true, "cwe_ids": [ "CWE-287" ] }