rdiffweb vulnerable to Cross-Site Request Forgery · CVE-2022-4646 · GitHub Advisory Database · GitHub

rdiffweb vulnerable to Cross-Site Request Forgery

High severity GitHub Reviewed Published Dec 22, 2022 to the GitHub Advisory Database • Updated Oct 25, 2024

Package

rdiffweb (pip)

Affected versions

< 2.5.4

Patched versions

2.5.4

Description

rdiffweb prior to version 2.5.4 is vulnerable to Cross-Site Request Forgery (CSRF).

References

Published by the National Vulnerability Database

Dec 22, 2022

Published to the GitHub Advisory Database Dec 22, 2022

Reviewed Dec 22, 2022

Last updated Oct 25, 2024

Severity

High

/ 10

CVSS v4 base metrics

Exploitability Metrics

Attack Vector Network

Attack Complexity Low

Attack Requirements None

Privileges Required None

User interaction Passive

Vulnerable System Impact Metrics

Confidentiality None

Integrity None

Availability High

Subsequent System Impact Metrics

Confidentiality None

Integrity None

Availability None

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N