github - GHSA-mp5p-g2jv-r8qw

GHSA-mp5p-g2jv-r8qw

Vulnerability from github

Published

2022-09-14 00:00

Modified

2022-09-16 21:36

Severity

8.8 (High) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

rdiffweb 2.4.1 contains Weak Password Requirements

Details

rdiffweb version 2.4.1 has no password policy or password checking, which could make users vulnerable to brute force password guessing attacks. Version 2.4.2 enforces minimum and maximum password lengths.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "rdiffweb"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.1"
            },
            {
              "fixed": "2.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.4.1"
      ]
    }
  ],
  "aliases": [
    "CVE-2022-3179"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-521"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-15T03:24:48Z",
    "nvd_published_at": "2022-09-13T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "rdiffweb version 2.4.1 has no password policy or password checking, which could make users vulnerable to brute force password guessing attacks. Version 2.4.2 enforces minimum and maximum password lengths.",
  "id": "GHSA-mp5p-g2jv-r8qw",
  "modified": "2022-09-16T21:36:30Z",
  "published": "2022-09-14T00:00:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3179"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ikus060/rdiffweb/commit/233befc33bdc45d4838c773d5aed4408720504c5"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ikus060/rdiffweb"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-272.yaml"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/58eae29e-3619-449d-9bba-fdcbabcba5fe"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "rdiffweb 2.4.1 contains Weak Password Requirements"
}

pysec-2022-272

Vulnerability from pysec

Published

2022-09-13 17:15

Modified

2022-09-15 20:40

Details

Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.2.

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "rdiffweb",
        "purl": "pkg:pypi/rdiffweb"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "233befc33bdc45d4838c773d5aed4408720504c5"
            }
          ],
          "repo": "https://github.com/ikus060/rdiffweb",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.10.0",
        "0.10.2",
        "0.10.3",
        "0.10.4",
        "0.10.5",
        "0.10.6",
        "0.10.7",
        "0.10.8",
        "0.10.9",
        "0.9.2.dev1",
        "0.9.3",
        "0.9.4",
        "0.9.5",
        "1.0.0",
        "1.0.0a1",
        "1.0.0a2",
        "1.0.0a3",
        "1.0.0a4",
        "1.0.1",
        "1.0.2",
        "1.0.3",
        "1.1.0",
        "1.2.0",
        "1.2.1",
        "1.2.2",
        "1.3.0",
        "1.3.1",
        "1.3.1b1",
        "1.3.1b2",
        "1.3.2",
        "1.4.0",
        "1.4.0b1",
        "1.4.0b2",
        "1.4.0b3",
        "1.4.0b4",
        "1.4.0b5",
        "1.4.1b1",
        "1.4.1b2",
        "1.4.1b3",
        "1.5.0",
        "1.5.1b1",
        "1.5.1b2",
        "1.6.0b1",
        "2.0.1b2",
        "2.0.1b3",
        "2.0.2",
        "2.0.3a1",
        "2.0.3a2",
        "2.0.3a3",
        "2.0.3a4",
        "2.0.3a5",
        "2.0.3a6",
        "2.0.3a7",
        "2.1.0",
        "2.2.0",
        "2.2.0.dev1",
        "2.2.0a1",
        "2.2.0a2",
        "2.2.0a3",
        "2.2.0a4",
        "2.2.0a5",
        "2.2.0a6",
        "2.2.1",
        "2.3.0",
        "2.3.1",
        "2.3.2",
        "2.3.3",
        "2.3.4",
        "2.3.5",
        "2.3.6",
        "2.3.7",
        "2.3.8",
        "2.3.9",
        "2.4.0",
        "2.4.1"
      ]
    }
  ],
  "aliases": [
    "CVE-2022-3179",
    "GHSA-mp5p-g2jv-r8qw"
  ],
  "details": "Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.2.",
  "id": "PYSEC-2022-272",
  "modified": "2022-09-15T20:40:19.575026Z",
  "published": "2022-09-13T17:15:00Z",
  "references": [
    {
      "type": "FIX",
      "url": "https://github.com/ikus060/rdiffweb/commit/233befc33bdc45d4838c773d5aed4408720504c5"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/58eae29e-3619-449d-9bba-fdcbabcba5fe"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-mp5p-g2jv-r8qw"
    }
  ]
}

cve-2022-3179

Vulnerability from cvelistv5

Published

2022-09-13 16:35

Modified

2024-08-03 01:00

Severity

7.1 (High) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Summary

Weak Password Requirements in ikus060/rdiffweb

References

URL	Tags
https://github.com/ikus060/rdiffweb/commit/233befc33bdc45d4838c773d5aed4408720504c5	x_refsource_MISC
https://huntr.dev/bounties/58eae29e-3619-449d-9bba-fdcbabcba5fe	x_refsource_CONFIRM

Impacted products

Vendor	Product
ikus060	ikus060/rdiffweb

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:00:10.567Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/ikus060/rdiffweb/commit/233befc33bdc45d4838c773d5aed4408720504c5"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/58eae29e-3619-449d-9bba-fdcbabcba5fe"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ikus060/rdiffweb",
          "vendor": "ikus060",
          "versions": [
            {
              "lessThan": "2.4.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-521",
              "description": "CWE-521 Weak Password Requirements",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-13T16:35:09",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ikus060/rdiffweb/commit/233befc33bdc45d4838c773d5aed4408720504c5"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/58eae29e-3619-449d-9bba-fdcbabcba5fe"
        }
      ],
      "source": {
        "advisory": "58eae29e-3619-449d-9bba-fdcbabcba5fe",
        "discovery": "EXTERNAL"
      },
      "title": "Weak Password Requirements in ikus060/rdiffweb",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2022-3179",
          "STATE": "PUBLIC",
          "TITLE": "Weak Password Requirements in ikus060/rdiffweb"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ikus060/rdiffweb",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "2.4.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ikus060"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.2."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-521 Weak Password Requirements"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/ikus060/rdiffweb/commit/233befc33bdc45d4838c773d5aed4408720504c5",
              "refsource": "MISC",
              "url": "https://github.com/ikus060/rdiffweb/commit/233befc33bdc45d4838c773d5aed4408720504c5"
            },
            {
              "name": "https://huntr.dev/bounties/58eae29e-3619-449d-9bba-fdcbabcba5fe",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/58eae29e-3619-449d-9bba-fdcbabcba5fe"
            }
          ]
        },
        "source": {
          "advisory": "58eae29e-3619-449d-9bba-fdcbabcba5fe",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-3179",
    "datePublished": "2022-09-13T16:35:09",
    "dateReserved": "2022-09-12T00:00:00",
    "dateUpdated": "2024-08-03T01:00:10.567Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Action not permitted

GHSA-mp5p-g2jv-r8qw

Vulnerability from github

pysec-2022-272

Vulnerability from pysec

cve-2022-3179

Vulnerability from cvelistv5

Tags