rdiffweb vulnerable to Open Redirect · CVE-2022-3438 · GitHub Advisory Database · GitHub

rdiffweb vulnerable to Open Redirect

Moderate severity GitHub Reviewed Published Oct 10, 2022 to the GitHub Advisory Database • Updated Nov 22, 2024

Package

rdiffweb (pip)

Affected versions

< 2.5.0a4

Patched versions

2.5.0a4

Description

A lack of user input validation leads to an open redirect vulnerability in rdiffweb prior to 2.5.0a4.

References

Published by the National Vulnerability Database

Oct 10, 2022

Published to the GitHub Advisory Database Oct 10, 2022

Reviewed Oct 10, 2022

Last updated Nov 22, 2024

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N