544 matches found
PYSEC-2022-42978
Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.0a7...
Code injection
Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.0a7...
PYSEC-2022-42978
Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.0a7...
PT-2022-21793 · Rdiffweb · Rdiffweb
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.5.0a7 Description: The issue concerns Business Logic Errors in the GitHub repository ikus060/rdiffweb. Recommendations: For versions prior to 2.5.0a7, update to version 2.5.0a7 or later to resolve the issue...
CVE-2022-3363 Business Logic Errors in ikus060/rdiffweb
Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.0a7...
CVE-2022-3363 Business Logic Errors in ikus060/rdiffweb
Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.0a7...
Rdiffweb Security Vulnerability
Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. It provides quick access to your archives through an efficient web interface. A security vulnerability exists in Rdiffweb versions prior to 2.5.0a7, which stems from the presence of a business logic error...
CVE-2022-3363
CVE-2022-3363 affects rdiffweb prior to 2.5.0a7. The issue is described as business logic errors in the GitHub repository ikus060/rdiffweb. Practical impact is reflected by the high base scores in the CVSS vectors (critical in NVD). Affected component: rdiffweb software; root cause: business logi...
GHSA-99J5-FVG3-54PM Rdiffweb is missing authentication for critical function
Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0...
Rdiffweb is missing authentication for critical function
Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0...
Insecure Session Management
rdiffweb is vulnerable to insecure session management. The vulnerability exists because user sessions are not properly defined with a session persistent timeout, which allows an attacker to access the active sessions of other users and perform unauthorized actions...
CVE-2022-3327
Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6...
PYSEC-2022-42977
Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6...
CVE-2022-3327 Missing Authentication for Critical Function in ikus060/rdiffweb
Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6...
Rdiffweb Access Control Error Vulnerability
Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. It provides quick access to your archives through an efficient web interface. An access control error vulnerability exists in Rdiffweb versions prior to 2.5.0a6, which stems from a lack of authentication for...
CVE-2022-3327 Missing Authentication for Critical Function in ikus060/rdiffweb
Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6...
PT-2022-21760 · Rdiffweb · Rdiffweb
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.5.0a6 Description: The issue concerns a missing authentication for a critical function in the GitHub repository ikus060/rdiffweb. Recommendations: For versions prior to 2.5.0a6, update to version 2.5.0a6 or later ...
CVE-2022-3327
CVE-2022-3327 affects rdiffweb (GitHub: ikus060/rdiffweb) with a missing authentication flaw in a critical function prior to version 2.5.0a6. The issue stems from insufficient access controls on a function that should require authentication, enabling potential unauthorized access or actions. Publ...
Authentication Bypass
rdiffweb is vulnerable to authentication bypass. The vulnerability is due to a lack of a rate limit on the user login feature, which allows an attacker to brute-force the login page and access the previous user sessions...
Denial Of Service (DoS)
rdiffweb is vulnerable to denial of service. The vulnerability is due to the function checkratelimit in ratelimit.py missing a maximum number of requests per hour on sensitive endpoints, allowing an attacker to cause an application crash via malicious input...