GHSA-wf33-6x33-wcf9
Suggest an improvement- Source
- https://github.com/advisories/GHSA-wf33-6x33-wcf9
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-wf33-6x33-wcf9/GHSA-wf33-6x33-wcf9.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-wf33-6x33-wcf9
- Aliases
- Published
- 2022-12-27T15:30:19Z
- Modified
- 2024-10-25T22:04:45.032364Z
- Severity
-
- 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- 8.6 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- rdiffweb vulnerable to Authentication Bypass by Primary Weakness
- Details
-
In rdiffweb prior to 2.5.5, the username field is not unique to users. This allows exploitation of primary key logic by creating the same name with different combinations & may allow unauthorized access.
- Database specific
{ "nvd_published_at": "2022-12-27T15:15:00Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-287", "CWE-305" ], "github_reviewed_at": "2022-12-30T18:01:28Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-4722
- https://github.com/ikus060/rdiffweb/commit/d1aaa96b665a39fba9e98d6054a9de511ba0a837
- https://github.com/ikus060/rdiffweb
- https://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-43008.yaml
- https://huntr.dev/bounties/c62126dc-d9a6-4d3e-988d-967031876c58
Affected packages
PyPI / rdiffweb
Package
- Name
- rdiffweb
- View open source insights on deps.dev
- Purl
- pkg:pypi/rdiffweb
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.5.5
Affected versions
0.*
0.9.2.dev1
0.9.3
0.9.4
0.9.5
0.10.0
0.10.2
0.10.3
0.10.4
0.10.5
0.10.6
0.10.7
0.10.8
0.10.9
1.*
1.0.0a1
1.0.0a2
1.0.0a3
1.0.0a4
1.0.0
1.0.1
1.0.2
1.0.3
1.1.0
1.2.0
1.2.1
1.2.2
1.3.0
1.3.1b1
1.3.1b2
1.3.1
1.3.2
1.4.0b1
1.4.0b2
1.4.0b3
1.4.0b4
1.4.0b5
1.4.0
1.4.1b1
1.4.1b2
1.4.1b3
1.5.0
1.5.1b1
1.5.1b2
1.6.0b1
2.*
2.0.1b2
2.0.1b3
2.0.2
2.0.3a1
2.0.3a2
2.0.3a3
2.0.3a4
2.0.3a5
2.0.3a6
2.0.3a7
2.1.0
2.2.0.dev1
2.2.0a1
2.2.0a2
2.2.0a3
2.2.0a4
2.2.0a5
2.2.0a6
2.2.0
2.2.1
2.3.0
2.3.1
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.3.8
2.3.9
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
2.4.7
2.4.8
2.4.9
2.4.10
2.4.11a1
2.4.11
2.5.0a7
2.5.0a8
2.5.0a9
2.5.0
2.5.1
2.5.2
2.5.3
2.5.4b1
2.5.4