Lucene search
GitHub Advisory DatabaseGHSA-9VXF-MCM6-5M42HistorySep 22, 2022 - 12:00 a.m.
rdiffweb CSRF could lead to disabling notifications in user profile
2022-09-2200:00:21
CWE-352
GitHub Advisory Database
github.com
7
rdiffweb
vulnerability
csrf
version 2.4.6
disabling notifications
user profile
software
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS
0.001
Percentile
30.0%
rdiffweb prior to 2.4.6 is vulnerable to Cross-Site Request Forgery (CSRF), which could lead to disabling notifications in a user’s profile.
Affected configurations
Node
rdiffwebrdiffwebRange<2.4.6
Related
osv
osv
PYSEC-2022-285
2022-09-21 20:15:00
rdiffweb CSRF could lead to disabling notifications in user profile
2022-09-22 00:00:21
CVE-2022-3233
2022-09-21 20:15:10
veracode
veracode
Cross-site Request Forgery (CSRF)
2022-09-22 05:30:37
cvelist
cvelist
CVE-2022-3233 Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb
2022-09-21 19:40:08
huntr
huntr
CSRF leads to disabling notifications in users profile
2022-09-16 14:49:43
prion
prion
Cross site request forgery (csrf)
2022-09-21 20:15:00
cve
cve
CVE-2022-3233
2022-09-21 20:15:10
nvd
nvd
CVE-2022-3233
2022-09-21 20:15:10
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS
0.001
Percentile
30.0%
Related for GHSA-9VXF-MCM6-5M42