PT-2022-6548 · Rdiffweb · Rdiffweb

Published: 2022-12-22 · Updated: 2023-07-17 · CVE-2022-4722

CVSS v4.0: 8.6 (High)
Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.5.5

Description: The rdiffweb GitHub repository contains a weakness that allows authentication bypass. The username field is not unique across user records, so an attacker can exploit the primary-key logic by creating the same name in different combinations, which may allow unauthorized access.

Recommendations: For versions prior to 2.5.5, update to version 2.5.5 or later to resolve the authentication bypass. As a temporary workaround, consider restricting access to the username field to minimize the risk of exploitation.

Weakness Enumeration

Improper Authentication

Related Identifiers

BDU:2023-02318
CVE-2022-4722
GHSA-WF33-6X33-WCF9
PYSEC-2022-43008

Affected Products

Rdiffweb