CVE-2022-3292 - Vulnerability Details - OpenCVE

Use of Cache Containing Sensitive Information in GitHub repository ikus060/rdiffweb prior to 2.4.8.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ikus-soft	Rdiffweb

Configuration 1 [-]

cpe:2.3:a:ikus-soft:rdiffweb:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/ikus060/rdiffweb/commit/2406780831618405a13113377a784f3102465f40
https://huntr.dev/bounties/e9309018-e94f-4e15-b7d1-5d38b6021c5d

History

No history.

MITRE

Status: PUBLISHED

Assigner: @huntrdev

Published: 2022-09-28T20:15:13

Updated: 2024-08-03T01:07:06.509Z

Reserved: 2022-09-23T00:00:00

Link: CVE-2022-3292

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-09-28T21:15:14.740

Modified: 2024-11-21T07:19:13.933

Link: CVE-2022-3292

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "ikus060/rdiffweb", "vendor": "ikus060", "versions": [{"lessThan": "2.4.8", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Use of Cache Containing Sensitive Information in GitHub repository ikus060/rdiffweb prior to 2.4.8."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-524", "description": "CWE-524 Use of Cache Containing Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-28T20:15:13", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://huntr.dev/bounties/e9309018-e94f-4e15-b7d1-5d38b6021c5d"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/ikus060/rdiffweb/commit/2406780831618405a13113377a784f3102465f40"}], "source": {"advisory": "e9309018-e94f-4e15-b7d1-5d38b6021c5d", "discovery": "EXTERNAL"}, "title": "Use of Cache Containing Sensitive Information in ikus060/rdiffweb", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-3292", "STATE": "PUBLIC", "TITLE": "Use of Cache Containing Sensitive Information in ikus060/rdiffweb"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ikus060/rdiffweb", "version": {"version_data": [{"version_affected": "<", "version_value": "2.4.8"}]}}]}, "vendor_name": "ikus060"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Use of Cache Containing Sensitive Information in GitHub repository ikus060/rdiffweb prior to 2.4.8."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-524 Use of Cache Containing Sensitive Information"}]}]}, "references": {"reference_data": [{"name": "https://huntr.dev/bounties/e9309018-e94f-4e15-b7d1-5d38b6021c5d", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/e9309018-e94f-4e15-b7d1-5d38b6021c5d"}, {"name": "https://github.com/ikus060/rdiffweb/commit/2406780831618405a13113377a784f3102465f40", "refsource": "MISC", "url": "https://github.com/ikus060/rdiffweb/commit/2406780831618405a13113377a784f3102465f40"}]}, "source": {"advisory": "e9309018-e94f-4e15-b7d1-5d38b6021c5d", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:07:06.509Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://huntr.dev/bounties/e9309018-e94f-4e15-b7d1-5d38b6021c5d"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/ikus060/rdiffweb/commit/2406780831618405a13113377a784f3102465f40"}]}]}, "cveMetadata": {"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-3292", "datePublished": "2022-09-28T20:15:13", "dateReserved": "2022-09-23T00:00:00", "dateUpdated": "2024-08-03T01:07:06.509Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ikus-soft:rdiffweb:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5AF98F6-C5D5-4624-BCF8-B4B83A32BF02", "versionEndExcluding": "2.4.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Use of Cache Containing Sensitive Information in GitHub repository ikus060/rdiffweb prior to 2.4.8."}, {"lang": "es", "value": "Un Uso de la cach\u00e9 que Contiene Informaci\u00f3n Confidencial en el repositorio de GitHub ikus060/rdiffweb versiones anteriores a 2.4.8"}], "id": "CVE-2022-3292", "lastModified": "2024-11-21T07:19:13.933", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 0.7, "impactScore": 3.6, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-28T21:15:14.740", "references": [{"source": "security@huntr.dev", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/ikus060/rdiffweb/commit/2406780831618405a13113377a784f3102465f40"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.dev/bounties/e9309018-e94f-4e15-b7d1-5d38b6021c5d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/ikus060/rdiffweb/commit/2406780831618405a13113377a784f3102465f40"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.dev/bounties/e9309018-e94f-4e15-b7d1-5d38b6021c5d"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-524"}], "source": "security@huntr.dev", "type": "Secondary"}]}