Launchpad.net

CVE 2018-21246

Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode.

See the CVE page on Mitre.org for more details.