rdiffweb vulnerable to Use of Cache Containing Sensitive Information

GHSA-7fqm-jm52-f9vc · CVE-2022-3292 · PYSEC-2022-296

Published Sep 29, 2022 · Modified Oct 16, 2024

Description

rdiffweb prior to version 2.4.9 is vulnerable to Use of Cache Containing Sensitive Information. Due to improper cache control, an attacker can view sensitive information even if they are not logged into an account. Version 2.4.9 contains a patch for this issue.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-3292
WEB https://github.com/ikus060/rdiffweb/commit/2406780831618405a13113377a784f3102465f40
PACKAGE https://github.com/ikus060/rdiffweb
WEB https://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-296.yaml
WEB https://huntr.dev/bounties/e9309018-e94f-4e15-b7d1-5d38b6021c5d

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes