Fluid Attacks Database

Description

Improper Privilege Management in rdiffweb Unauthorized access to settings update, logs , history, delete etc in GitHub repository ikus060/rdiffweb prior to 2.5.2.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
pypi	rdiffweb	>=0 <2.5.2	2.5.2

Aliases

1. CVE-2022-43142. NVD-2022-43143. OSV-2022-43144. GCVE-2022-4314

References

1. https://github.com/ikus060/rdiffweb/commit/b2df3679564d0daa2856213bb307d3e34bd89a252. https://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-43002.yaml3. https://huntr.dev/bounties/b2dc504d-92ae-4221-a096-12ff223d95a84. https://www.cve.org/CVERecord?id=CVE-2022-4314

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.