Fluid Attacks Database

Description

rdiffweb CSRF vulnerability in admin area can lead to deletion of repositories and users rdiffweb prior to 2.4.5 is vulnerable to Cross-Site Request Forgery (CSRF). An attacker exploiting this vulnerability can use it to delete repositories and users.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
pypi	rdiffweb	>=0 <2.4.5	2.4.5

Aliases

1. CVE-2022-32322. NVD-2022-32323. OSV-2022-32324. GCVE-2022-3232

References

1. https://github.com/ikus060/rdiffweb/commit/422791ea45713aaaa865bdca74addb9fffd93a712. https://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-281.yaml3. https://huntr.dev/bounties/15c8fd98-7f50-4d46-b013-42710af1f99c

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.