ghsa-7wr6-fj4x-893v
Vulnerability from github
Published
2022-10-06 18:52
Modified
2022-10-12 18:16
Severity
Moderate (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Summary
rdiffweb allows a new password to be the same as the previous password
Details
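rdiffweb versions prior to 2.5.0a4 allow a user to set a new password that is identical to the old password during a password reset. A reset performed because the old password may have been exposed can therefore leave that same password in use. Version 2.5.0a4 enforces a password policy in which a new password cannot be the same as the old one. The affected range in the record below gives 2.5.0 as the fixed version for the PyPI package, so deployments that track stable releases should upgrade to 2.5.0 or later.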
{ "affected": [ { "package": { "ecosystem": "PyPI", "name": "rdiffweb" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "2.5.0" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2022-3376" ], "database_specific": { "cwe_ids": [ "CWE-521" ], "github_reviewed": true, "github_reviewed_at": "2022-10-06T20:10:38Z", "nvd_published_at": "2022-10-06T18:16:00Z", "severity": "MODERATE" }, "details": "rdiffweb prior to 2.5.0a4 allows users to set their new password to be the same as the old password during a password reset. Version 2.5.0a4 enforces a password policy in which a new password cannot be the same as the old one.", "id": "GHSA-7wr6-fj4x-893v", "modified": "2022-10-12T18:16:54Z", "published": "2022-10-06T18:52:04Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3376" }, { "type": "WEB", "url": "https://github.com/ikus060/rdiffweb/commit/2ffc2af65c8f8113b06e0b89929c604bcdf844b9" }, { "type": "PACKAGE", "url": "https://github.com/ikus060/rdiffweb" }, { "type": "WEB", "url": "https://huntr.dev/bounties/a9021e93-6d18-4ac1-98ce-550c4697a4ed" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "type": "CVSS_V3" } ], "summary": "rdiffweb allows a new password to be the same as the previous password" }