Use of Cache Containing Sensitive Information Affecting rdiffweb package, versions [,2.4.9)
Snyk CVSS
Attack Complexity
Low
User Interaction
Required
Confidentiality
High
Threat Intelligence
Exploit Maturity
Proof of concept
EPSS
0.07% (28th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-RDIFFWEB-3035489
- published 29 Sep 2022
- disclosed 29 Sep 2022
- credit Nehalr777
Introduced: 29 Sep 2022
CVE-2022-3292 Open this link in a new tabHow to fix?
Upgrade rdiffweb
to version 2.4.9 or higher.
Overview
rdiffweb is an A web interface to rdiff-backup repositories.
Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information due to improper cache control which allows an attacker to view sensitive information even if the attacker is not logged into the account.