PT-2022-5023 · Rdiffweb · Rdiffweb

Published 2022-10-10 · Updated 2022-10-11 · CVE-2022-3438

CVSS v2.0: 8.7 (High)
Vector: AV:N/AC:L/Au:S/C:P/I:C/A:C
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.5.0a4

Description: The issue is an open redirect vulnerability in the web interface of rdiff-backup, Rdiffweb. It allows a remote attacker to redirect users to an arbitrary URL because user input is not validated.

Recommendations: For versions prior to 2.5.0a4, update to version 2.5.0a4 or later to resolve the issue. As a temporary workaround, consider implementing additional validation of user input to prevent open redirects until a patch is applied. Restrict access to the web interface to minimize the risk of exploitation.
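As an added illustration of the input validation the recommendation refers to (example code, not Rdiffweb's own), the following validator accepts a user-supplied "return to" value only when it stays on the application; the host name and the parameter handling are assumptions.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed placeholder for the host the application is served from.
APP_HOSTS = frozenset({"backup.example.internal"})


def safe_redirect_target(user_value, default="/", allowed_hosts=APP_HOSTS):
    """Return a redirect target that stays on this application, or `default`.

    Accepted: a root-relative path starting with a single "/" (query kept),
    or an absolute http(s) URL whose host is in `allowed_hosts`, reduced to
    its path so the response never carries a caller-chosen origin.
    Rejected: other schemes (javascript:, data:), protocol-relative "//host",
    the browser-tolerated "/\\host" form, and any whitespace or control
    bytes, which browsers silently drop when parsing a Location header.
    """
    if not isinstance(user_value, str) or not user_value:
        return default
    if any(ch <= " " or ch == "\x7f" for ch in user_value):
        return default
    # Browsers treat "\" like "/" in URLs, so normalise before inspecting.
    parts = urlsplit(user_value.replace("\\", "/"))
    if parts.scheme or parts.netloc:
        if parts.scheme not in ("http", "https"):
            return default
        if parts.hostname not in allowed_hosts:  # userinfo@host tricks end up here
            return default
    elif not parts.path.startswith("/"):
        # A bare relative path ("evil.example") is ambiguous; require root-relative.
        return default
    # Re-emit without scheme or host: a root-relative path plus its query string.
    return urlunsplit(("", "", parts.path or "/", parts.query, ""))


if __name__ == "__main__":
    # Constructed sample inputs covering the accepted and rejected shapes.
    for value in ["/restore?repo=home", "https://backup.example.internal/settings",
                  "//evil.example/", "/\\evil.example", "javascript:alert(1)",
                  "https://evil.example/", "\t/evil.example", "evil.example"]:
        print(f"{value!r:45} -> {safe_redirect_target(value)!r}")
```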

Weakness Enumeration

Open Redirect

Related Identifiers

BDU:2022-06236
CVE-2022-3438
GHSA-8G9M-VV69-7J99
PYSEC-2022-43158

Affected Products

Rdiffweb