PT-2022-20882 · Rdiffweb · Rdiffweb

Published: 2022-09-08 · Updated: 2022-09-14 · CVE-2022-3167

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.4.1

Description: The issue is related to improper restriction of rendered UI layers or frames, allowing attackers to perform clickjacking attacks. This can trick victims into performing actions such as entering passwords, liking or deleting posts, and/or initiating an account deletion.

Recommendations: For versions prior to 2.4.1, update to version 2.4.1 to resolve the issue. As a temporary workaround, consider restricting access to sensitive features that can be exploited through clickjacking attacks until the update is applied.

Weakness Enumeration: Clickjacking

Related Identifiers:

CVE-2022-3167
GHSA-M379-X4XC-38X9
PYSEC-2022-268

Affected Products: Rdiffweb