Lucene search
GitHub Advisory DatabaseGHSA-CW2V-WV4G-W4P6HistorySep 18, 2022 - 12:00 a.m.
rdiffweb CSRF vulnerability in admin area can lead to deletion of repositories and users
2022-09-1800:00:30
CWE-352
GitHub Advisory Database
github.com
9
rdiffweb
cross-site request forgery
deletion
repositories
users
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS
0.001
Percentile
30.0%
rdiffweb prior to 2.4.5 is vulnerable to Cross-Site Request Forgery (CSRF). An attacker exploiting this vulnerability can use it to delete repositories and users.
Affected configurations
Node
rdiffwebrdiffwebRange<2.4.5
Related
prion
prion
Cross site request forgery (csrf)
2022-09-17 20:15:00
huntr
huntr
osv
osv
PYSEC-2022-281
2022-09-17 20:15:00
CVE-2022-3232
2022-09-17 20:15:09
cve
cve
CVE-2022-3232
2022-09-17 20:15:09
veracode
veracode
Cross-site Request Forgery (CSRF)
2022-09-19 08:48:13
cvelist
cvelist
CVE-2022-3232 Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb
2022-09-17 19:40:08
nvd
nvd
CVE-2022-3232
2022-09-17 20:15:09
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS
0.001
Percentile
30.0%
Related for GHSA-CW2V-WV4G-W4P6