Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1nbWo4LTg0cjQtaDQ2as4AAu_k

High CVSS: 7.1 EPSS: 0.00177% (0.39695 Percentile) EPSS:
Permalink JSON

rdiffweb Cross-Site Request Forgery vulnerability can lead to user email ID being changed

Affected Packages Affected Versions Fixed Versions
pypi:rdiffweb
PURL: pkg:pypi/rdiffweb
< 2.4.7 2.4.7
0 Dependent packages
3 Dependent repositories
1,660 Downloads last month

Affected Version Ranges

All affected versions

0.9.3, 0.9.4, 0.9.5, 0.10.0, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.10.6, 0.10.7, 0.10.8, 0.10.9, 1.0.0, 1.0.0a1, 1.0.0a2, 1.0.0a3, 1.0.0a4, 1.0.1, 1.0.2, 1.0.3, 1.1.0, 1.2.0, 1.2.1, 1.2.2, 1.3.0, 1.3.1, 1.3.1b1, 1.3.1b2, 1.3.2, 1.4.0, 1.4.0b1, 1.4.0b2, 1.4.0b3, 1.4.0b4, 1.4.0b5, 1.4.1b1, 1.4.1b2, 1.4.1b3, 1.5.0, 1.5.1b1, 1.5.1b2, 1.6.0b1, 2.0.1b2, 2.0.1b3, 2.0.2, 2.0.3a1, 2.0.3a2, 2.0.3a3, 2.0.3a4, 2.0.3a5, 2.0.3a6, 2.0.3a7, 2.1.0, 2.2.0, 2.2.0a1, 2.2.0a2, 2.2.0a3, 2.2.0a4, 2.2.0a5, 2.2.0a6, 2.2.1, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6

All unaffected versions

2.4.7, 2.4.8, 2.4.9, 2.4.10, 2.4.11, 2.4.11a1, 2.5.0, 2.5.0a7, 2.5.0a8, 2.5.0a9, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.4b1, 2.5.5, 2.5.6, 2.5.7, 2.5.8, 2.6.0, 2.6.0a1, 2.6.0a2, 2.6.0a3, 2.6.0a4, 2.6.1, 2.7.0, 2.7.0a1, 2.7.0a2, 2.7.0a3, 2.7.1, 2.8.0a1, 2.8.0a2, 2.8.0a3, 2.8.0a4, 2.8.0a5, 2.8.0a6, 2.8.0a7, 2.8.0a8, 2.8.0a9, 2.8.1, 2.8.2, 2.8.2a1, 2.8.3, 2.8.4, 2.8.5, 2.8.6, 2.8.7, 2.8.8, 2.8.9, 2.9.0a3, 2.9.0a5, 2.9.0b1, 2.9.0b2, 2.9.1, 2.9.2, 2.9.3, 2.9.4, 2.9.5, 2.9.7, 2.10.0b1, 2.10.0rc1, 2.10.0rc2, 2.10.0rc3, 2.10.1b1, 2.10.1b2, 2.10.1rc1, 2.10.3b1, 2.10.4, 2.10.4b1, 2.10.4b2, 2.10.5, 2.10.6

rdiffwen prior to version 2.4.7 is vulnerable to Cross-Site Request Forgery (CSRF). An attacker can change a user's email ID. Version 2.4.7 has a fix for this issue.

References:

Identifiers

GHSA-gmj8-84r4-h46j

CVE-2022-3274

Risk

Severity

High

CVSS

CVSS Score: 7.1

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N

EPSS

EPSS Percentage: 0.00177

EPSS Percentile: 0.39695

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/ikus060/rdiffweb

Date and time

Published

about 3 years ago

Updated

about 1 year ago

API

JSON