Fluid Attacks Database

Description

rdiffweb Cross-Site Request Forgery vulnerability rdiffweb prior to 2.4.6 is vulnerable to cross-site request forgery on the repository settings. A malicious user can change the settings of a repository by sending a URL to the victim. This issue is fixed in version 2.4.6.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
pypi	rdiffweb	>=0 <2.4.6	2.4.6

Aliases

1. CVE-2022-32672. NVD-2022-32673. OSV-2022-32674. GCVE-2022-3267

References

1. https://github.com/ikus060/rdiffweb/commit/20fc0d304412cc569b21f31e52cb8b94094d63142. https://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-284.yaml3. https://huntr.dev/bounties/7b6ec9f4-4fe9-4716-8dba-3491ffa3f6f2

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.