Description
The Caddy web server is an open-source web server, reverse proxy and load balancer written in Go.
Caddy is dynamically configurable with a RESTful JSON API. Acunetix determined that it was possible to access this REST interface without authentication.
Remediation
Restrict access to the Caddy API interface.