Fluid Attacks Database

Description

rdiffweb vulnerable to Use of Cache Containing Sensitive Information rdiffweb prior to version 2.4.9 is vulnerable to Use of Cache Containing Sensitive Information. Due to improper cache control, an attacker can view sensitive information even if they are not logged into an account. Version 2.4.9 contains a patch for this issue.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
pypi	rdiffweb	>=0 <2.4.9	2.4.9

Aliases

1. CVE-2022-32922. NVD-2022-32923. OSV-2022-32924. GCVE-2022-3292

References

1. https://github.com/ikus060/rdiffweb/commit/2406780831618405a13113377a784f3102465f402. https://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-296.yaml3. https://huntr.dev/bounties/e9309018-e94f-4e15-b7d1-5d38b6021c5d

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.