Lucene search

CVE-2022-3273 Allocation of Resources Without Limits or Throttling in ikus060/rdiffweb

🗓️ 06 Oct 2022 00:00:00Reported by @huntrdevType

CVE-2022-3273 in ikus060/rdiffwe

Reporter	Title	Published	Views	Family All 8
NVD	CVE-2022-3273	6 Oct 202218:16	–	nvd
Huntr	No rate limit on old password parameter allows attacker to bruteforce the existing password and set a new password	22 Sep 202215:37	–	huntr
Prion	Design/Logic Flaw	6 Oct 202218:16	–	prion
OSV	CVE-2022-3273	6 Oct 202218:16	–	osv
OSV	rdiffweb does not have a rate limit on incorrect password attempts to prevent brute force attacks	6 Oct 202218:52	–	osv
Github Security Blog	rdiffweb does not have a rate limit on incorrect password attempts to prevent brute force attacks	6 Oct 202218:52	–	github
CVE	CVE-2022-3273	6 Oct 202218:16	–	cve
Veracode	Information Disclosure	7 Oct 202211:20	–	veracode

[
  {
    "vendor": "ikus060",
    "product": "ikus060/rdiffweb",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "2.5.0a4",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
huntr	www.huntr.dev/bounties/a6df4bad-3382-4add-8918-760d885690f6
github	www.github.com/ikus060/rdiffweb/commit/b5e3bb0a98268d18ceead36ab9b2b7eaacd659a8

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

06 Oct 2022 00:00Current

9.8High risk

Vulners AI Score9.8

CVSS33.6

EPSS0.00021

CWE-770

resource allocation throttling github repository ikus060/rdiffweb 2.5.0a4