EPSS
Percentile
30.1%
rdiffweb is vulnerable to cross site request forgery. The vulnerability exists in run function of auth_form.py due to lack of validation of session management which allows an attacker to gain access to sensitive information in the system.
run
auth_form.py
github.com/advisories/GHSA-85fp-523q-5xwc
github.com/ikus060/rdiffweb/commit/e6f0d8002129be90fe82fa3e3ea0a6942caba398
huntr.dev/bounties/17bc1b0f-1f5c-432f-88e4-c9866ccf6e10
huntr.dev/bounties/17bc1b0f-1f5c-432f-88e4-c9866ccf6e10/