544 matches found
CVE-2022-4646
The CVE concerns rdiffweb (GitHub: ikus060/rdiffweb) prior to version 2.5.4. The vulnerability is a Cross-Site Request Forgery (CSRF) in the web application, enabling unintended actions on a user’s account. The root cause is CSRF in the vulnerable web interface; no exploit details are provided in...
PT-2022-6548 · Rdiffweb · Rdiffweb
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.5.5. Description: The issue is related to a primary weakness in the rdiffweb GitHub repository, allowing for authentication bypass. This weakness is due to the username field not being unique to users, enabling...
CVE-2022-4646 Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.5.4...
Privilege Escalation
rdiffweb is vulnerable to privilege escalation. The vulnerability exists because the library does not properly block repository access when the userroot directory is empty or a relative path, allowing an attacker to modify access roles...
GHSA-G594-55MP-F6Q8 Improper Privilege Management in rdiffweb
Unauthorized access to settings update, logs, history, delete, etc. in GitHub repository ikus060/rdiffweb prior to 2.5.2...
Improper Privilege Management in rdiffweb
Unauthorized access to settings update, logs, history, delete, etc. in GitHub repository ikus060/rdiffweb prior to 2.5.2...
CVE-2022-4314
Improper Privilege Management in GitHub repository ikus060/rdiffweb prior to 2.5.2...
PYSEC-2022-43002
Improper Privilege Management in GitHub repository ikus060/rdiffweb prior to 2.5.2...
Rdiffweb Security Vulnerability
Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. It provides quick access to your files through an efficient web interface. A security vulnerability exists in Rdiffweb versions prior to 2.5.2, which stems from improper privilege management...
PT-2022-26770 · Rdiffweb · Rdiffweb
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.5.2. Description: The issue is related to improper privilege management, allowing unauthorized access to settings update, logs, history, delete, and other features. Recommendations: For versions prior to 2.5.2,...
CVE-2022-4314 Improper Privilege Management in ikus060/rdiffweb
Improper Privilege Management in GitHub repository ikus060/rdiffweb prior to 2.5.2...
Authentication Bypass
rdiffweb is vulnerable to authentication bypass. The vulnerability exists in config.py, because the application does not ask for 2FA during the user email change, allowing a local attacker to turn off 2FA on an account...
GHSA-4WPH-9VRM-6V3W Rdiffweb vulnerable to Missing Authentication for Critical Function
Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6...
Rdiffweb vulnerable to Missing Authentication for Critical Function
Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6...
CVE-2022-4018
Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6...
PYSEC-2022-43001
Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6...
Improper Session Management
rdiffweb is vulnerable to Improper Session Management. The vulnerability exists because the library does not invalidate all of a user's session tokens on a password change, so users logged in with the old password remain logged in...
CVE-2022-4018 Missing Authentication for Critical Function in ikus060/rdiffweb
Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6...