CVE-2022-3269 Session Fixation in ikus060/rdiffweb
Session Fixation in GitHub repository ikus060/rdiffweb prior to 2.4.7...
CVE-2022-3267 Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.6...
PT-2022-21232 · Rdiffweb · Rdiffweb
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.4.6. Description: The issue is related to Cross-Site Request Forgery (CSRF) in the GitHub repository ikus060/rdiffweb. This could potentially lead to disabling notifications in a user's profile. Recommendations: For...
GHSA-MJW4-XVX6-3GRG rdiffweb vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
rdiffweb version 2.4.1 is vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute. This makes it so that a user's cookies can be sent to the server with an unencrypted request over the HTTP protocol. Version 2.4.2 contains a fix for the issue...
PT-2022-20901 · Rdiffweb · Rdiffweb
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.4.2. Description: The issue concerns a missing custom error page in the GitHub repository ikus060/rdiffweb. This results in the leakage of error information. The problem is resolved in version 2.4.2. Recommendation...
PT-2022-20882 · Rdiffweb · Rdiffweb
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.4.1. Description: The issue is related to improper restriction of rendered UI layers or frames, allowing attackers to perform clickjacking attacks. This can trick victims into performing actions such as entering...