Lucene search
GitHub Advisory DatabaseGHSA-GMJ8-84R4-H46JHistorySep 23, 2022 - 12:00 a.m.
rdiffweb Cross-Site Request Forgery vulnerability can lead to user email ID being changed
2022-09-2300:00:31
CWE-352
GitHub Advisory Database
github.com
34
rdiffweb
cross-site request forgery
user email id
version 2.4.7
fix
software
CVSS3
3.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS
0.001
Percentile
21.4%
rdiffwen prior to version 2.4.7 is vulnerable to Cross-Site Request Forgery (CSRF). An attacker can change a user’s email ID. Version 2.4.7 has a fix for this issue.
Affected configurations
Node
rdiffwebrdiffwebRange<2.4.7
Related
osv
osv
CVE-2022-3274
2022-09-22 19:15:09
PYSEC-2022-289
2022-09-22 19:15:00
veracode
veracode
Cross-Site Request Forgery (CSRF)
2022-09-23 04:56:33
nvd
nvd
CVE-2022-3274
2022-09-22 19:15:09
huntr
huntr
CSRF to change the email id
2022-09-21 13:58:20
cvelist
cvelist
prion
prion
Cross site request forgery (csrf)
2022-09-22 19:15:00
cve
cve
CVE-2022-3274
2022-09-22 19:15:09
nessus
nessus
Wireshark 3.6.x < 3.6.9 Multiple Vulnerabilities (macOS)
2022-10-27 00:00:00
Wireshark 3.6.x < 3.6.9 Multiple Vulnerabilities
2022-10-27 00:00:00
kaspersky
kaspersky
KLA20110 Multiple vulnerabilities in Wireshark
2022-10-26 00:00:00
CVSS3
3.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS
0.001
Percentile
21.4%
Related for GHSA-GMJ8-84R4-H46J