EPSS Percentile: 57.1%
rdiffweb is vulnerable to Information Disclosure. The password change feature has no rate limit, which allows an attacker to brute-force the existing password and set a new password.
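A sketch of the missing control, added here as an example: it is not rdiffweb's code and not the fix from the referenced commit. It caps failed current-password checks per user before a password change is accepted. The names `PasswordChangeLimiter`, `hash_password` and `change_password`, the in-memory `store`, and the thresholds are all assumptions.

```python
import hashlib
import hmac
import os
import time


class PasswordChangeLimiter:
    """Caps failed current-password checks per user within a sliding window."""

    def __init__(self, max_failures=5, window_seconds=900, clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window_seconds
        self.clock = clock
        self._failures = {}  # username -> timestamps of recent failures

    def _recent(self, user):
        cutoff = self.clock() - self.window
        recent = [t for t in self._failures.get(user, []) if t > cutoff]
        self._failures[user] = recent
        return recent

    def is_blocked(self, user):
        return len(self._recent(user)) >= self.max_failures

    def record_failure(self, user):
        self._recent(user).append(self.clock())

    def reset(self, user):
        self._failures.pop(user, None)


def hash_password(password, salt):
    # Hypothetical storage scheme, used only to make the example runnable.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def change_password(store, limiter, user, current, new):
    """Return 'ok', 'wrong_password' or 'rate_limited'."""
    # Check the limit before verifying, so blocked guesses reveal nothing.
    if limiter.is_blocked(user):
        return "rate_limited"
    salt, digest = store[user]
    if not hmac.compare_digest(hash_password(current, salt), digest):
        limiter.record_failure(user)
        return "wrong_password"
    limiter.reset(user)
    new_salt = os.urandom(16)
    store[user] = (new_salt, hash_password(new, new_salt))
    return "ok"
```

In a multi-process deployment the failure counters need shared storage, otherwise each worker enforces its own separate limit.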
github.com/advisories/GHSA-9g3v-v24q-jj5p
github.com/ikus060/rdiffweb/commit/b5e3bb0a98268d18ceead36ab9b2b7eaacd659a8
huntr.dev/bounties/a6df4bad-3382-4add-8918-760d885690f6