Lucene search

K
githubGitHub Advisory DatabaseGHSA-7FQM-JM52-F9VC
HistorySep 29, 2022 - 12:00 a.m.

rdiffweb vulnerable to Use of Cache Containing Sensitive Information

2022-09-2900:00:19
CWE-524
GitHub Advisory Database
github.com
15
rdiffweb
version 2.4.9
cache vulnerability
sensitive information

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

31.5%

rdiffweb prior to version 2.4.9 is vulnerable to Use of Cache Containing Sensitive Information. Due to improper cache control, an attacker can view sensitive information even if they are not logged into an account. Version 2.4.9 contains a patch for this issue.

Affected configurations

Vulners
Node
rdiffwebrdiffwebRange<2.4.9

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

31.5%

Related for GHSA-7FQM-JM52-F9VC