544 matches found
CVE-2022-3267 Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.6...
Cross-site Request Forgery (CSRF)
rdiffweb is vulnerable to cross-site request forgery. The vulnerability exists in the renderprefspanel function in prefnotification.py because the server accepts a GET request that modifies repository notification settings, which allows an attacker to disable the notifications sent to user...
GHSA-M748-HJQG-RPP8 rdiffweb has insecure HTTP cookies
In rdiffweb prior to version 2.4.6, the cookie sessionid does not have a secure attribute when the URL is invalid. Version 2.4.6 contains a fix for the issue...
GHSA-9VXF-MCM6-5M42 rdiffweb CSRF could lead to disabling notifications in user profile
rdiffweb prior to 2.4.6 is vulnerable to Cross-Site Request Forgery (CSRF), which could lead to disabling notifications in a user's profile...
PT-2022-21439 · Rdiffweb · Rdiffweb
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.4.7. Description: The issue is related to Cross-Site Request Forgery (CSRF), which allows an attacker to change a user's email ID. Recommendations: For versions prior to 2.4.7, update to version 2.4.7 to resolve the...
Rdiffweb Cross-Site Request Forgery Vulnerability
Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. It provides quick access to your archives through an efficient web interface. A cross-site request forgery vulnerability exists in Rdiffweb versions prior to 2.4.7. An attacker could exploit this vulnerability t...
PT-2022-21433 · Rdiffweb · Rdiffweb
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.4.6. Description: The issue is related to Cross-Site Request Forgery (CSRF) in the repository settings. A malicious user can change the settings of a repository by sending a URL to the victim. Recommendations: For...
Rdiffweb Cross-Site Request Forgery Vulnerability
Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. It provides quick access to your archives through an efficient web interface. A cross-site request forgery vulnerability exists in Rdiffweb versions prior to 2.4.6. An attacker could exploit this vulnerability t...
CVE-2022-3233
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.6...
PYSEC-2022-285
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.6...
CVE-2022-3233 Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.6...
CVE-2022-3233
CVE-2022-3233 describes a Cross-Site Request Forgery (CSRF) vulnerability in the GitHub repository ikus060/rdiffweb, affecting versions prior to 2.4.6. The issue enables CSRF due to insufficient request validation, potentially allowing an attacker to trigger actions such as disabling user notific...
Information Disclosure
Rdiffweb is vulnerable to Sensitive Information Disclosure. The vulnerability exists due to an incomplete fix of CVE-2022-3174, which causes session cookies to be instantiated without the Secure attribute when the provided URL is invalid. This flaw allows the transport of user cookies over insecure HTTP...
CVE-2022-3250
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.6...
PYSEC-2022-287
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.6...