Session fixation
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.6...
CVE-2022-3250 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ikus060/rdiffweb
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.6...
CVE-2022-3250
CVE-2022-3250 affects the rdiffweb project (GitHub ikus060/rdiffweb) prior to version 2.4.6. The root issue is a session cookie (session_id) that is not marked with the Secure attribute when the URL is invalid, exposing the cookie over non-secure channels. Several sources confirm the vulnerabilit...
Rdiffweb Security Vulnerability
Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. It provides quick access to your archives through an efficient web interface. A security vulnerability exists in Rdiffweb versions prior to 2.4.6, which stems from a sensitive cookie in an HTTPS session that doe...
Rdiffweb Cross-Site Request Forgery Vulnerability
Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. It provides quick access to your archives through an efficient web interface. A cross-site request forgery vulnerability exists in Rdiffweb versions prior to 2.4.6, which stems from cross-site request forgery CS...
PT-2022-21232 · Rdiffweb · Rdiffweb
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.4.6. Description: The issue is related to Cross-Site Request Forgery (CSRF) in the GitHub repository ikus060/rdiffweb. This could potentially lead to disabling notifications in a user's profile. Recommendations: For...
Cross-site Request Forgery (CSRF)
rdiffweb is vulnerable to cross-site request forgery. The vulnerability exists in repository and user deletions because the server accepts the GET request for deleting repositories and users which allows an attacker to cause a CSRF attack...
GHSA-CW2V-WV4G-W4P6 rdiffweb CSRF vulnerability in admin area can lead to deletion of repositories and users
rdiffweb prior to 2.4.5 is vulnerable to Cross-Site Request Forgery (CSRF). An attacker exploiting this vulnerability can use it to delete repositories and users...
rdiffweb CSRF vulnerability in admin area can lead to deletion of repositories and users
rdiffweb prior to 2.4.5 is vulnerable to Cross-Site Request Forgery (CSRF). An attacker exploiting this vulnerability can use it to delete repositories and users...
CVE-2022-3232
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.5...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.5...
PYSEC-2022-281
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.5...
CVE-2022-3232 Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.5...
CVE-2022-3232
The CVE-2022-3232 entry concerns a CSRF vulnerability in the GitHub repository ikus060/rdiffweb, affecting versions prior to 2.4.5. The cited advisories describe that an attacker could exploit this CSRF in the admin area to delete repositories and users. Relevant details indicate the affected sof...
Rdiffweb Cross-Site Request Forgery Vulnerability
Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. It provides quick access to your archives through an efficient web interface. A cross-site request forgery vulnerability exists in Rdiffweb versions prior to 2.4.5. An attacker could exploit this vulnerability t...
Cross-site Request Forgery (CSRF)
Rdiffweb is vulnerable to Cross-Site Request Forgery. The vulnerability is due to the SSH keys endpoint accepting POST requests. An attacker can exploit this vulnerability to add unauthorized SSH keys to the system...
rdiffweb CSRF vulnerability in profile's SSH keys can lead to unauthorized access
rdiffweb prior to 2.4.3 is vulnerable to Cross-Site Request Forgery (CSRF). While adding SSH public keys to the profile, the server accepts the GET request, which results in adding an SSH public key to the profile and leads to unauthorized access to the system and backups. Version 2.4.3 contains a...
GHSA-VQ4H-XRWC-M639 rdiffweb CSRF vulnerability in profile's SSH keys can lead to unauthorized access
rdiffweb prior to 2.4.3 is vulnerable to Cross-Site Request Forgery (CSRF). While adding SSH public keys to the profile, the server accepts the GET request, which results in adding an SSH public key to the profile and leads to unauthorized access to the system and backups. Version 2.4.3 contains a...