CVE-2022-3362 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2022-3362

CWE

https://cwe.mitre.org/data/definitions/613.html

Insufficient Session Expiration in GitHub repository ikus060/rdiffweb prior to 2.5.0.

Weakness

According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”

Affected Software

Name	Vendor	Start Version	End Version
Rdiffweb	Ikus-soft	*	2.5.0 (excluding)

Potential Mitigations

References

https://github.com/ikus060/rdiffweb/commit/6efb995bc32c8a8e9ad755eb813dec991dffb2b8
https://huntr.dev/bounties/ca428c31-858d-47fa-adc9-2a59f8e8b2b1