ghsa-7fqm-jm52-f9vc
Vulnerability from GitHub
Published
2022-09-29 00:00
Modified
2022-09-30 05:37
Summary
rdiffweb vulnerable to Use of Cache Containing Sensitive Information
Details
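rdiffweb versions prior to 2.4.9 are vulnerable to Use of Cache Containing Sensitive Information (CWE-524). Due to improper cache control, an attacker can view sensitive information even if they are not logged into an account. Version 2.4.9 contains a patch for this issue, so affected installations should upgrade to 2.4.9 or later. The advisory text does not say which responses or caches are involved; the referenced patch commit is the place to confirm that.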
{ "affected": [ { "package": { "ecosystem": "PyPI", "name": "rdiffweb" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "2.4.9" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2022-3292" ], "database_specific": { "cwe_ids": [ "CWE-524" ], "github_reviewed": true, "github_reviewed_at": "2022-09-30T05:37:28Z", "nvd_published_at": "2022-09-28T21:15:00Z", "severity": "MODERATE" }, "details": "rdiffweb prior to version 2.4.9 is vulnerable to Use of Cache Containing Sensitive Information. Due to improper cache control, an attacker can view sensitive information even if they are not logged into an account. Version 2.4.9 contains a patch for this issue.", "id": "GHSA-7fqm-jm52-f9vc", "modified": "2022-09-30T05:37:28Z", "published": "2022-09-29T00:00:19Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3292" }, { "type": "WEB", "url": "https://github.com/ikus060/rdiffweb/commit/2406780831618405a13113377a784f3102465f40" }, { "type": "PACKAGE", "url": "https://github.com/ikus060/rdiffweb" }, { "type": "WEB", "url": "https://huntr.dev/bounties/e9309018-e94f-4e15-b7d1-5d38b6021c5d" } ], "schema_version": "1.4.0", "severity": [], "summary": "rdiffweb vulnerable to Use of Cache Containing Sensitive Information" }