Lucene search
GoogleOSV:GHSA-9VXF-MCM6-5M42HistorySep 22, 2022 - 12:00 a.m.
rdiffweb CSRF could lead to disabling notifications in user profile
2022-09-2200:00:21
Google
osv.dev
11
rdiffweb
csrf
cross-site request forgery
notifications
user profile
software
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS
0.001
Percentile
30.0%
rdiffweb prior to 2.4.6 is vulnerable to Cross-Site Request Forgery (CSRF), which could lead to disabling notifications in a user’s profile.
Related
osv
osv
PYSEC-2022-285
2022-09-21 20:15:00
CVE-2022-3233
2022-09-21 20:15:10
veracode
veracode
Cross-site Request Forgery (CSRF)
2022-09-22 05:30:37
cvelist
cvelist
CVE-2022-3233 Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb
2022-09-21 19:40:08
huntr
huntr
CSRF leads to disabling notifications in users profile
2022-09-16 14:49:43
github
github
rdiffweb CSRF could lead to disabling notifications in user profile
2022-09-22 00:00:21
prion
prion
Cross site request forgery (csrf)
2022-09-21 20:15:00
cve
cve
CVE-2022-3233
2022-09-21 20:15:10
nvd
nvd
CVE-2022-3233
2022-09-21 20:15:10
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS
0.001
Percentile
30.0%
Related for OSV:GHSA-9VXF-MCM6-5M42