github - ghsa-7fqm-jm52-f9vc

ghsa-7fqm-jm52-f9vc

Vulnerability from github

Published

2022-09-29 00:00

Modified

2022-09-30 05:37

Summary

rdiffweb vulnerable to Use of Cache Containing Sensitive Information

Details

rdiffweb prior to version 2.4.9 is vulnerable to Use of Cache Containing Sensitive Information. Due to improper cache control, an attacker can view sensitive information even if they are not logged into an account. Version 2.4.9 contains a patch for this issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "rdiffweb"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-3292"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-524"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-30T05:37:28Z",
    "nvd_published_at": "2022-09-28T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "rdiffweb prior to version 2.4.9 is vulnerable to Use of Cache Containing Sensitive Information. Due to improper cache control, an attacker can view sensitive information even if they are not logged into an account. Version 2.4.9 contains a patch for this issue.",
  "id": "GHSA-7fqm-jm52-f9vc",
  "modified": "2022-09-30T05:37:28Z",
  "published": "2022-09-29T00:00:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3292"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ikus060/rdiffweb/commit/2406780831618405a13113377a784f3102465f40"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ikus060/rdiffweb"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/e9309018-e94f-4e15-b7d1-5d38b6021c5d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "rdiffweb vulnerable to Use of Cache Containing Sensitive Information"
}

cve-2022-3292

Vulnerability from cvelistv5

Published

2022-09-28 20:15

Modified

2024-08-03 01:07

Severity

4.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Summary

Use of Cache Containing Sensitive Information in ikus060/rdiffweb

References

URL	Tags
https://huntr.dev/bounties/e9309018-e94f-4e15-b7d1-5d38b6021c5d	x_refsource_CONFIRM
https://github.com/ikus060/rdiffweb/commit/2406780831618405a13113377a784f3102465f40	x_refsource_MISC

Impacted products

Vendor	Product
ikus060	ikus060/rdiffweb

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:07:06.509Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/e9309018-e94f-4e15-b7d1-5d38b6021c5d"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/ikus060/rdiffweb/commit/2406780831618405a13113377a784f3102465f40"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ikus060/rdiffweb",
          "vendor": "ikus060",
          "versions": [
            {
              "lessThan": "2.4.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Use of Cache Containing Sensitive Information in GitHub repository ikus060/rdiffweb prior to 2.4.8."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-524",
              "description": "CWE-524 Use of Cache Containing Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-28T20:15:13",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/e9309018-e94f-4e15-b7d1-5d38b6021c5d"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ikus060/rdiffweb/commit/2406780831618405a13113377a784f3102465f40"
        }
      ],
      "source": {
        "advisory": "e9309018-e94f-4e15-b7d1-5d38b6021c5d",
        "discovery": "EXTERNAL"
      },
      "title": "Use of Cache Containing Sensitive Information in ikus060/rdiffweb",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2022-3292",
          "STATE": "PUBLIC",
          "TITLE": "Use of Cache Containing Sensitive Information in ikus060/rdiffweb"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ikus060/rdiffweb",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "2.4.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ikus060"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Use of Cache Containing Sensitive Information in GitHub repository ikus060/rdiffweb prior to 2.4.8."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-524 Use of Cache Containing Sensitive Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://huntr.dev/bounties/e9309018-e94f-4e15-b7d1-5d38b6021c5d",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/e9309018-e94f-4e15-b7d1-5d38b6021c5d"
            },
            {
              "name": "https://github.com/ikus060/rdiffweb/commit/2406780831618405a13113377a784f3102465f40",
              "refsource": "MISC",
              "url": "https://github.com/ikus060/rdiffweb/commit/2406780831618405a13113377a784f3102465f40"
            }
          ]
        },
        "source": {
          "advisory": "e9309018-e94f-4e15-b7d1-5d38b6021c5d",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-3292",
    "datePublished": "2022-09-28T20:15:13",
    "dateReserved": "2022-09-23T00:00:00",
    "dateUpdated": "2024-08-03T01:07:06.509Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.