Fluid Attacks Database

Description

rdiffweb Cross-Site Request Forgery vulnerability can lead to user email ID being changed rdiffwen prior to version 2.4.7 is vulnerable to Cross-Site Request Forgery (CSRF). An attacker can change a user's email ID. Version 2.4.7 has a fix for this issue.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
pypi	rdiffweb	>=0 <2.4.7	2.4.7

Aliases

1. CVE-2022-32742. NVD-2022-32743. OSV-2022-32744. GCVE-2022-3274

References

1. https://github.com/ikus060/rdiffweb/commit/e974df75bdbcff3996ad70bd1b4424ec1485ea3f2. https://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-289.yaml3. https://huntr.dev/bounties/8834c356-4ddb-4be7-898b-d76f480e9c3f

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.