CVE-2022-3179 rdiffweb

Package

Manager: pip
Name: rdiffweb
Vulnerable Version: =2.4.1 || >=2.4.1 <2.4.2

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00127 (percentile: 0.32892)

Details

rdiffweb contains Weak Password Requirements. rdiffweb version 2.4.1 has no password policy or password checking, which could make users vulnerable to brute-force password guessing attacks. Version 2.4.2 enforces minimum and maximum password lengths.

Metadata

Created: 2022-09-14T00:00:43Z
Modified: 2024-10-25T21:32:14Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-mp5p-g2jv-r8qw/GHSA-mp5p-g2jv-r8qw.json
CWE IDs: ["CWE-521"]
Alternative ID: GHSA-mp5p-g2jv-r8qw
Finding: F035
Auto approve: 1