CVE-2022-3292
MEDIUM4.6EPSS 0.25%rdiffweb vulnerable to Use of Cache Containing Sensitive Information
發布日:2022/9/29修改日:2024/10/16
描述
rdiffweb prior to version 2.4.9 is vulnerable to Use of Cache Containing Sensitive Information. Due to improper cache control, an attacker can view sensitive information even if they are not logged into an account. Version 2.4.9 contains a patch for this issue.
受影響套件(2)
- PyPI/rdiffwebfrom 0, < 2.4.9
- PyPI/rdiffwebfrom 0, < 2406780831618405a13113377a784f3102465f40 | from 0, < 2.4.8
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM4.6 | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
參考連結(5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-3292
- PATCHhttps://github.com/ikus060/rdiffweb
- WEBhttps://github.com/ikus060/rdiffweb/commit/2406780831618405a13113377a784f3102465f40
- WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-296.yaml
- WEBhttps://huntr.dev/bounties/e9309018-e94f-4e15-b7d1-5d38b6021c5d