42 matches found
CVE-2023-5289
CVE-2023-5289 affects the rdiffweb project from ikus060, specifically versions prior to 2.8.4. The root issue is Allocation of Resources Without Limits or Throttling, leading to potential resource exhaustion. The known remediation is to upgrade to version 2.8.4 or later. Exploitation details are ...
CVE-2022-3221
CVE-2022-3221 affects ikus060/rdiffweb prior to version 2.4.3, where a CSRF flaw in the profile SSH keys flow can enable unauthorized access. The issue arises from accepting a GET request during SSH-key operations, leading to key addition without proper user interaction. The vulnerability is miti...
CVE-2022-3274
CVE-2022-3274 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the rdiffweb project (GitHub: ikus060/rdiffweb) prior to version 2.4.7. Multiple connected sources describe CSRF exposure that can allow an attacker to change a user's email address/settings. The confirmed remediation is...
CVE-2022-3179
CVE-2022-3179 concerns weak password requirements in the rdiffweb project (ikus060/rdiffweb) prior to version 2.4.2. The issue is described across multiple sources as the software lacking a proper password policy, which could permit weak or easily guessable passwords and enable brute-force-style ...
CVE-2022-3232
The CVE-2022-3232 entry concerns a CSRF vulnerability in the GitHub repository ikus060/rdiffweb, affecting versions prior to 2.4.5. The cited advisories describe that an attacker could exploit this CSRF in the admin area to delete repositories and users. Relevant details indicate the affected sof...
CVE-2022-3272
CVE-2022-3272 concerns rdiffweb prior to 2.4.8. The root cause is improper handling of a length parameter in email input (no validation beyond long strings), enabling a denial-of-service condition. Affected software is the rdiffweb web application; the vulnerability is evidenced by multiple sourc...
CVE-2022-3292
The CVE CVE-2022-3292 affects rdiffweb prior to 2.4.8, caused by improper cache control that allows a cache containing sensitive information to be exposed. This is an information disclosure vulnerability in the web application, with impact on confidentiality and no listed exploit details in the p...
CVE-2022-3389
The CVE-2022-3389 entry concerns the Rdiffweb project (ikus060/rdiffweb). Affected version: prior to 2.4.10, with a Path Traversal vulnerability in the file/path handling. The issue is documented as a vulnerability in path traversal (no exploitation details provided in the connected sources). Mit...
CVE-2022-3362
CVE-2022-3362 affects ikus060/rdiffweb prior to 2.5.0, due to insufficient session expiration. This is documented as a high-severity issue (CVE base score 9.8, critical) with network access required and no user interaction. The vulnerability arises from inadequate session expiration handling in t...
CVE-2022-4018
CVE-2022-4018 affects the GitHub repository ikus060/rdiffweb, with versions prior to 2.5.0a6 vulnerable due to a missing authentication mechanism for a critical function. Multiple sources (GHSA, OSV, NVD, CVE lists, PT security advisories) corroborate the issue and reference an access-control fai...
CVE-2022-3364
CVE-2022-3364 affects ikus060/rdiffweb before 2.5.0a3. The issue is an unlimited length of the Fullname parameter, enabling resource exhaustion and potential memory corruption that can lead to a Denial of Service. Root cause: no enforcement of a maximum length for Fullname; impact described as Do...
CVE-2022-3301
CVE-2022-3301 affects rdiffweb prior to version 2.4.8. The root cause is improper cleanup on a thrown exception in the application, which can allow an attacker to influence the content displayed to users (e.g., displaying a message of their choice or injecting misleading data into a page). Refere...
CVE-2022-3167
The vulnerability described for CVE-2022-3167 affects the rdiffweb project, with versions prior to 2.4.1 affected. The root cause is an improper restriction of rendered UI layers or frames, enabling clickjacking attacks. This can trick users into performing actions (e.g., entering passwords, liki...
CVE-2022-3363
CVE-2022-3363 affects rdiffweb prior to 2.5.0a7. The issue is described as business logic errors in the GitHub repository ikus060/rdiffweb. Practical impact is reflected by the high base scores in the CVSS vectors (critical in NVD). Affected component: rdiffweb software; root cause: business logi...
CVE-2022-4722
CVE-2022-4722 affects rdiffweb (ikus060/rdiffweb) prior to version 2.5.5. The root cause is a non-unique username field that breaks primary-key logic, enabling an authentication bypass and potential unauthorized access. The issue is documented in multiple sources (GHSA, OSV) and is confirmed with...
CVE-2022-3250
CVE-2022-3250 affects the rdiffweb project (GitHub ikus060/rdiffweb) prior to version 2.4.6. The root issue is a session cookie (session_id) that is not marked with the Secure attribute when the URL is invalid, exposing the cookie over non-secure channels. Several sources confirm the vulnerabilit...
CVE-2022-3327
CVE-2022-3327 affects rdiffweb (GitHub: ikus060/rdiffweb) with a missing authentication flaw in a critical function prior to version 2.5.0a6. The issue stems from insufficient access controls on a function that should require authentication, enabling potential unauthorized access or actions. Publ...
CVE-2022-4721
CVE-2022-4721 affects the rdiffweb project (ikus060/rdiffweb). The issue is a lack of sanitization of characters in SSH key names, enabling special-element injection (a hyperlink injection) that could redirect victims to malicious sites. Affected versions are prior to 2.5.5. Exploitation details ...
CVE-2022-3233
CVE-2022-3233 describes a Cross-Site Request Forgery (CSRF) vulnerability in the GitHub repository ikus060/rdiffweb, affecting versions prior to 2.4.6. The issue enables CSRF due to insufficient request validation, potentially allowing an attacker to trigger actions such as disabling user notific...
CVE-2022-4314
CVE-2022-4314 concerns the GitHub repository ikus060/rdiffweb, where an issue with improper privilege management allowed unauthorized access to settings updates, logs, history, and deletion features in versions prior to 2.5.2. The connected sources confirm affected software and the root cause, wi...
CVE-2022-4724
The CVE-2022-4724 entry concerns the rdiffweb project by ikus060 and stems from improper access control in versions prior to 2.5.5. The NVD entry lists a base CVSSv3.1 score of 9.8 (CRITICAL) with NETWORK attack vector and high impact on confidentiality, integrity, and availability; CNA/other sou...
CVE-2022-4646
The CVE concerns rdiffweb (GitHub: ikus060/rdiffweb) prior to version 2.5.4. The vulnerability is a Cross-Site Request Forgery (CSRF) in the web application, enabling unintended actions on a user’s account. The root cause is CSRF in the vulnerable web interface; no exploit details are provided in...
CVE-2022-3298
CVE-2022-3298 refers to a resource allocation vulnerability in the rdiffweb project by ikus060, where prior to version 2.4.8 an unlimited-length title field (used when adding an SSH key) can cause excessive memory usage and lead to a Denial of Service. Multiple sources corroborate the issue, with...
CVE-2022-4719
CVE-2022-4719 concerns RDiffWeb (GitHub: ikus060/rdiffweb) with Business Logic Errors in versions prior to 2.5.5 . The connected materials consistently identify the issue type as business logic, affecting pre-2.5.5 builds. A remediation is to upgrade to version 2.5.5 or later . The sources do not...
CVE-2022-3438
CVE-2022-3438 concerns an open redirect in the GitHub repo ikus060/rdiffweb, affected before version 2.5.0a4. The vulnerability stems from inadequate input handling/validation enabling redirect to arbitrary URLs when used for invitations, links, or navigation. Impact is described as open redirect...
CVE-2022-3295
CVE-2022-3295 affects the rdiffweb project (rdiffweb, prior to 2.4.8). The root cause is unlimited length for root directory names, allowing a crafted long string to trigger a denial of service. Impact is a DoS condition with potential memory issues; no data confidentiality or integrity impact is...
CVE-2022-3456
CVE-2022-3456 affects the rdiffweb project (ikus060/rdiffweb) prior to version 2.5.0. The root cause is Allocation of Resources Without Limits or Throttling, potentially enabling resource exhaustion and affecting availability. NVD metrics yield a CRITICAL base score (CVSS 3.1: 9.8, network attack...
CVE-2022-4723
rdiffweb (ikus060/rdiffweb) prior to version 2.5.5 is affected by an absence of rate limiting on the resend email feature when enabling or disabling 2FA via the /prefs/mfa endpoint. This can allow resource allocation without limits, as described across multiple sources. Affected component is the ...
CVE-2022-3326
Summary: CVE-2022-3326 affects the rdiffweb project (ikus060/rdiffweb) prior to version 2.4.9. The root cause is weak password requirements due to insufficient validation of password entropy, which allows bypassing the intended password complexity policy that requires 8–128 characters. The result...
CVE-2022-3371
CVE-2022-3371 affects rdiffweb prior to 2.5.0a3. The vulnerability stems from unbounded Token name length, allowing Allocation of Resources Without Limits or Throttling, leading to DoS or memory corruption. The issue is fixed in version 2.5.0a3. If upgrading is not possible, a temporary mitigatio...
CVE-2022-3267
CVE-2022-3267 affects the rdiffweb project (ikus060/rdiffweb), with a Cross-Site Request Forgery (CSRF) in repository settings prior to version 2.4.6. The vulnerability could allow an attacker to modify repository settings when a victim is authenticated, as indicated by multiple sources in the co...
CVE-2022-3457
CVE-2022-3457 documents an Origin Validation Error in the rdiffweb project by ikus060, prior to version 2.5.0a5. The issue arises from improper origin validation in web traffic, enabling an access-control-related vulnerability. Public references in GHSA and OSV entries corroborate the same adviso...
CVE-2022-4644
CVE-2022-4644 affects the rdiffweb project in the GitHub repository ikus060/rdiffweb, specifically versions prior to 2.5.4. The issue is an Open Redirect vulnerability caused by an input/redirection handling weakness. Impact stated in sources is consistent with an Open Redirect; no exploitation d...
CVE-2022-3174
CVE-2022-3174 affects rdiffweb prior to 2.4.2, where cookies are transmitted over HTTPS without the Secure attribute, exposing confidentiality. The issue impacts the GitHub repo ikus060/rdiffweb; CVSS v3.1/3.0 base score 7.5 (HIGH) with network attacker, no user interaction. Affected component: s...
CVE-2022-4720
Open Redirect vulnerability CVE-2022-4720 affects the rdiffweb project (GitHub: ikus060/rdiffweb) prior to version 2.5.5. Root cause details are not explicitly provided in the initial document beyond the classification as an Open Redirect. Impact and exploitation specifics are not enumerated in t...
CVE-2022-3273
CVE-2022-3273 affects the GitHub repository ikus060/rdiffweb, specifically versions prior to 2.5.0a4. The root cause is an allocation of resources without limits or throttling. The vulnerability can lead to resource exhaustion, affecting availability and potentially exposing or degrading service ...
CVE-2022-3290
CVE-2022-3290 affects the rdiffweb project (ikis060/rdiffweb) prior to 2.4.8, where the root cause is improper handling/validation of the length parameter for the username field. This can be exploited to trigger a Denial of Service due to excessive memory use, with the DoS condition explicitly do...
CVE-2022-3439
CVE-2022-3439 affects rdiffweb in the GitHub repository ikus060/rdiffweb prior to version 2.5.0. The root cause is allocation of resources without limits or throttling, which can impact availability and also affect confidentiality and integrity as indicated by CVSS 3.1/3.0 assessments (high impac...
CVE-2022-3175
CVE-2022-3175 affects the rdiffweb project in the GitHub repository ikus060/rdiffweb prior to version 2.4.2. The vulnerability is a missing custom error page which leads to leakage of error information. The issue is resolved in version 2.4.2. Mitigation: upgrade to 2.4.2 or later. Exploitation de...
CVE-2022-3269
CVE-2022-3269 affects the rdiffweb web application (itas ikus060/rdiffweb) prior to version 2.4.7. The root cause is failure to invalidate session cookies on logout, enabling session fixation where an attacker can reuse a valid cookie to access a user account after login/logout sequences. Impact ...
CVE-2022-3376
CVE-2022-3376 affects rdiffweb (ikus060/rdiffweb) prior to version 2.5.0a4. The reported issue is weak password requirements that allow a new password to be the same as the old one during password reset. According to multiple sources (GHSA/OSV/PYSEC and NVD entries), this is mitigated in 2.5.0a4 ...
CVE-2023-4138
Summary: CVE-2023-4138 affects the GitHub-hosted project ikus060/rdiffweb, prior to version 2.8.0. The root cause is allocation of resources without limits or throttling, enabling potential abuse. What’s affected: Rdiffweb, specifically components handling report/notification logic that can be ex...