Lucene search
Veracode Vulnerability DatabaseVERACODE:38750HistoryJan 03, 2023 - 10:55 a.m.
Improper Access Control
2023-01-0310:55:05
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
rdiffweb
access control
ssh key
duplicate
broken access control
vulnerability
software
EPSS
0.002
Percentile
54.4%
rdiffweb is vulnerable to improper access control. The library allows the same SSH key to be used by multiple users because it identifies a duplicate SSH key via SSH key name which is only a title to identify the key and not the actual SSH key resulting in broken access control.
Related
cvelist
cvelist
CVE-2022-4724 Improper Access Control in ikus060/rdiffweb
2022-12-23 00:00:00
github
github
rdiffweb Improper Access Control vulnerability
2022-12-27 15:30:19
osv
osv
rdiffweb Improper Access Control vulnerability
2022-12-27 15:30:19
CVE-2022-4724
2022-12-27 15:15:12
PYSEC-2022-43010
2022-12-27 15:15:00
cve
cve
CVE-2022-4724
2022-12-27 15:15:12
huntr
huntr
Application allows to add same SSH key among different users
2022-12-23 05:33:54
nvd
nvd
CVE-2022-4724
2022-12-27 15:15:12
prion
prion
Improper access control
2022-12-27 15:15:00