CVE-2022-3292 – rdiffweb
Package
Manager: pip
Name: rdiffweb
Vulnerable Version: >=0 <2.4.9
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00333 (percentile: 0.55543)
Details
rdiffweb vulnerable to Use of Cache Containing Sensitive Information
rdiffweb prior to version 2.4.9 is vulnerable to Use of Cache Containing Sensitive Information. Due to improper cache control, an attacker can view sensitive information even if they are not logged into an account. Version 2.4.9 contains a patch for this issue.
Metadata
Created: 2022-09-29T00:00:19Z
Modified: 2024-10-16T21:36:40Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-7fqm-jm52-f9vc/GHSA-7fqm-jm52-f9vc.json
CWE IDs: ["CWE-524"]
Alternative ID: GHSA-7fqm-jm52-f9vc
Finding: F065
Auto approve: 1