Lucene search
Veracode Vulnerability DatabaseVERACODE:37236HistorySep 22, 2022 - 5:30 a.m.
Cross-site Request Forgery (CSRF)
2022-09-2205:30:37
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
cross-site request forgery
rdiffweb
render_prefs_panel
pref_notification.py
get request
repository notifications
csrf attack
0.001 Low
EPSS
Percentile
30.1%
rdiffweb is vulnerable to cross-site request forgery. The vulnerability exists in render_prefs_panel function in pref_notification.py because the server accepts the GET request that is sent to modify repository notifications settings which allows an attacker to disable the notifications sent to users’ email causing a CSRF attack.
Related
osv
osv
CVE-2022-3233
2022-09-21 20:15:10
PYSEC-2022-285
2022-09-21 20:15:00
rdiffweb CSRF could lead to disabling notifications in user profile
2022-09-22 00:00:21
cvelist
cvelist
CVE-2022-3233 Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb
2022-09-21 19:40:08
huntr
huntr
CSRF leads to disabling notifications in users profile
2022-09-16 14:49:43
github
github
rdiffweb CSRF could lead to disabling notifications in user profile
2022-09-22 00:00:21
nvd
nvd
CVE-2022-3233
2022-09-21 20:15:10
cve
cve
CVE-2022-3233
2022-09-21 20:15:10
prion
prion
Cross site request forgery (csrf)
2022-09-21 20:15:00