CVE-2022-3167 – rdiffweb
Package
Manager: pip
Name: rdiffweb
Vulnerable Version: >=0 <2.4.1
Severity
Level: Critical
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00192 (percentile 0.41306)
Details
Title: rdiffweb vulnerable to Improper Restriction of Rendered UI Layers or Frames
Description: rdiffweb prior to 2.4.1 does not restrict which origins may embed its pages in a frame (CWE-1021). This allows attackers to perform clickjacking attacks that can trick victims into performing actions such as entering passwords, liking or deleting posts, and/or initiating an account deletion. This issue has been patched in version 2.4.1.
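Check and remediation, added here as an illustration and not taken from rdiffweb or the advisory: a response is framable by any origin unless it carries a Content-Security-Policy frame-ancestors directive or an X-Frame-Options header, and browsers give the CSP directive precedence when both are present. The functions below classify a response's framing policy and add the missing headers; the sample header sets are constructed, not captured from rdiffweb, and the obsolete ALLOW-FROM value is treated as no protection because current browsers ignore it.

```python
"""Classify and harden HTTP response headers against clickjacking (CWE-1021).

Added example code; the header dictionaries at the bottom are constructed
samples, not responses observed from rdiffweb.
"""
from typing import Dict, List, Mapping


def _parse_csp(csp: str) -> Dict[str, List[str]]:
    """Split a CSP header into {directive: [source, ...]} (directive names lowercased)."""
    directives: Dict[str, List[str]] = {}
    for part in csp.split(";"):
        tokens = part.strip().split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def framing_policy(headers: Mapping[str, str]) -> str:
    """Return 'deny', 'sameorigin', 'restricted' (explicit allow-list) or 'unrestricted'.

    Header names are matched case-insensitively. CSP frame-ancestors wins over
    X-Frame-Options, which is how browsers resolve a conflict between the two.
    """
    lower = {k.lower(): v for k, v in headers.items()}

    csp = lower.get("content-security-policy")
    if csp:
        ancestors = _parse_csp(csp).get("frame-ancestors")
        if ancestors is not None:
            sources = [s.strip("'").lower() for s in ancestors]
            if sources == ["none"]:
                return "deny"
            if sources == ["self"]:
                return "sameorigin"
            return "restricted"

    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "deny"
    if xfo == "SAMEORIGIN":
        return "sameorigin"
    # ALLOW-FROM (or any other value) is not honoured by modern browsers,
    # so the page can still be framed cross-origin.
    return "unrestricted"


def is_clickjackable(headers: Mapping[str, str]) -> bool:
    """True when nothing stops an attacker's origin from framing the response."""
    return framing_policy(headers) == "unrestricted"


def harden(headers: Mapping[str, str]) -> Dict[str, str]:
    """Return a copy of headers with framing denied via both mechanisms.

    X-Frame-Options covers browsers without CSP support; frame-ancestors 'none'
    is appended to an existing CSP rather than replacing it.
    """
    out = dict(headers)
    out.setdefault("X-Frame-Options", "DENY")
    csp = out.get("Content-Security-Policy")
    if csp is None:
        out["Content-Security-Policy"] = "frame-ancestors 'none'"
    elif "frame-ancestors" not in _parse_csp(csp):
        out["Content-Security-Policy"] = csp.rstrip("; ") + "; frame-ancestors 'none'"
    return out


# Constructed sample responses (not from rdiffweb).
UNPROTECTED = {"Content-Type": "text/html; charset=utf-8"}
LEGACY_ONLY = {"Content-Type": "text/html", "X-Frame-Options": "sameorigin"}
CONFLICTING = {
    "X-Frame-Options": "SAMEORIGIN",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
}

if __name__ == "__main__":
    for name, hdrs in [("unprotected", UNPROTECTED), ("legacy", LEGACY_ONLY), ("conflicting", CONFLICTING)]:
        print(f"{name:12} -> {framing_policy(hdrs)}; hardened: {harden(hdrs)}")
```

The check is what a scanner or a regression test for this advisory would run against every HTML response of the application: any page that returns 'unrestricted' can be overlaid by an attacker-controlled page. Where the application should be embeddable by a known partner origin, use frame-ancestors with that origin instead of 'none'; X-Frame-Options cannot express an allow-list.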
Metadata
Created: 2022-09-09T00:00:56Z
Modified: 2024-10-25T21:26:50Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-m379-x4xc-38x9/GHSA-m379-x4xc-38x9.json
CWE IDs: ["CWE-1021"]
Alternative ID: GHSA-m379-x4xc-38x9
Finding: F360
Auto approve: 1