CVE-2022-3292: rdiffweb vulnerable to Use of Cache Containing Sensitive Information
rdiffweb prior to version 2.4.9 is vulnerable to Use of Cache Containing Sensitive Information. Due to improper cache control, an attacker can view sensitive information even if they are not logged into an account. Version 2.4.9 contains a patch for this issue.
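One way to check a deployment for the weakness class described above, as an added example that is not rdiffweb's code or its patch: it audits the response headers of a page that requires login and reports when caches are allowed to keep a copy. The function names, the sample headers and the policy (require `no-store`) are assumptions made for this example.

```python
# Added example: audit the headers of a login-protected response for cacheability.
# Policy assumed here: such responses must carry Cache-Control: no-store.

def parse_cache_control(value):
    """Split a Cache-Control value into a {directive: argument} dict.

    Simplification: quoted arguments containing commas are not handled.
    """
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def audit_sensitive_response(headers):
    """Return findings for a response that should never be served from a cache.

    headers: iterable of (name, value) pairs; names are matched
    case-insensitively and repeated Cache-Control lines are merged.
    """
    cc = {}
    for name, value in headers:
        if name.strip().lower() == "cache-control":
            cc.update(parse_cache_control(value))
    if not cc:
        return ["Cache-Control absent: caches may store the page heuristically"]
    findings = []
    if "public" in cc:
        findings.append("'public' lets shared caches store the page")
    if "no-store" not in cc:
        findings.append("'no-store' missing: a stored copy can outlive the session")
    return findings


# Constructed sample responses (not captured from rdiffweb).
WEAK = [("Content-Type", "text/html"), ("Cache-Control", "public, max-age=3600")]
BARE = [("Content-Type", "text/html")]
HARDENED = [("cache-control", "no-cache"), ("Cache-Control", 'No-Store, max-age="0"')]

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("bare", BARE), ("hardened", HARDENED)):
        print(label, audit_sensitive_response(sample) or "ok")
```

Feed it the headers returned for an authenticated page before and after upgrading; an empty list means the response is marked as not storable.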
References
- github.com/advisories/GHSA-7fqm-jm52-f9vc
- github.com/ikus060/rdiffweb
- github.com/ikus060/rdiffweb/commit/2406780831618405a13113377a784f3102465f40
- github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-296.yaml
- huntr.dev/bounties/e9309018-e94f-4e15-b7d1-5d38b6021c5d
- nvd.nist.gov/vuln/detail/CVE-2022-3292