Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-VQ4H-XRWC-M639
HistorySep 16, 2022 - 12:00 a.m.

rdiffweb CSRF vulnerability in profile's SSH keys can lead to unauthorized access

2022-09-1600:00:39
Google
osv.dev
7
rdiffweb
csrf vulnerability
unauthorized access
ssh keys
cross-site request forgery
backups
security issue
patch
software

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

47.3%

JSON

rdiffweb prior to 2.4.3 is vulnerable to Cross-Site Request Forgery (CSRF). While adding SSH public keys to the profile, the server accepts the GET request, which results in adding an SSH public key to the profile and leads to unauthorized access to the system and backups. Version 2.4.3 contains a patch for this issue.

Related

veracode 1
prion 1
huntr 1
nvd 1
cvelist 1
osv 2
cve 1
github 1
nessus 2
photon 4
veracode
veracode
Cross-site Request Forgery (CSRF)
2022-09-16 01:16:57
prion
prion
Cross site request forgery (csrf)
2022-09-15 09:15:00
huntr
huntr
Cross Site Request Forgery in profile's "SSH Keys" leads to unauthorized access to the system
2022-09-14 09:51:06
nvd
nvd
CVE-2022-3221
2022-09-15 09:15:09
cvelist
cvelist
CVE-2022-3221 Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb
2022-09-15 08:45:19
osv
osv
CVE-2022-3221
2022-09-15 09:15:09
PYSEC-2022-278
2022-09-15 09:15:00
cve
cve
CVE-2022-3221
2022-09-15 09:15:09
github
github
rdiffweb CSRF vulnerability in profile's SSH keys can lead to unauthorized access
2022-09-16 00:00:39
nessus
nessus
Photon OS 3.0: Curl PHSA-2022-3.0-0480
2024-07-24 00:00:00
Photon OS 4.0: Curl PHSA-2022-4.0-0271
2024-07-23 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-3.0-0480
2022-10-29 00:00:00
Critical Photon OS Security Update - PHSA-2022-0533
2022-10-28 00:00:00
Critical Photon OS Security Update - PHSA-2022-0271
2022-10-28 00:00:00

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

47.3%

JSON
Related for OSV:GHSA-VQ4H-XRWC-M639
veracode1prion1huntr1nvd1cvelist1osv2cve1github1nessus2photon4