VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-d3u8-9d5e-6uh8

Essentials
Severities (17)
References (7)
Severity details (14)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-d3u8-9d5e-6uh8
Aliases	CVE-2022-3273 GHSA-9g3v-v24q-jj5p PYSEC-2022-43156
Summary	rdiffweb does not have a rate limit on incorrect password attempts to prevent brute force attacks
Status	Published
Exploitability	0.5
Weighted Severity	8.8
Risk	4.4
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-326	Inadequate Encryption Strength
CWE-770	Allocation of Resources Without Limits or Throttling
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00198	https://api.first.org/data/v1/epss?cve=CVE-2022-3273
epss	0.00198	https://api.first.org/data/v1/epss?cve=CVE-2022-3273
epss	0.00198	https://api.first.org/data/v1/epss?cve=CVE-2022-3273
cvssv3.1	9.8	https://github.com/advisories/GHSA-9g3v-v24q-jj5p
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-9g3v-v24q-jj5p
cvssv3.1	7.3	https://github.com/ikus060/rdiffweb
generic_textual	HIGH	https://github.com/ikus060/rdiffweb
cvssv3.1	7.3	https://github.com/ikus060/rdiffweb/commit/b5e3bb0a98268d18ceead36ab9b2b7eaacd659a8
cvssv3.1	9.8	https://github.com/ikus060/rdiffweb/commit/b5e3bb0a98268d18ceead36ab9b2b7eaacd659a8
generic_textual	HIGH	https://github.com/ikus060/rdiffweb/commit/b5e3bb0a98268d18ceead36ab9b2b7eaacd659a8
cvssv3.1	7.3	https://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-43156.yaml
generic_textual	HIGH	https://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-43156.yaml
cvssv3.1	7.3	https://huntr.dev/bounties/a6df4bad-3382-4add-8918-760d885690f6
cvssv3.1	9.8	https://huntr.dev/bounties/a6df4bad-3382-4add-8918-760d885690f6
generic_textual	HIGH	https://huntr.dev/bounties/a6df4bad-3382-4add-8918-760d885690f6
cvssv3.1	7.3	https://nvd.nist.gov/vuln/detail/CVE-2022-3273
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2022-3273

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2022-3273
		https://github.com/ikus060/rdiffweb
		https://github.com/ikus060/rdiffweb/commit/b5e3bb0a98268d18ceead36ab9b2b7eaacd659a8
		https://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-43156.yaml
		https://huntr.dev/bounties/a6df4bad-3382-4add-8918-760d885690f6
CVE-2022-3273		https://nvd.nist.gov/vuln/detail/CVE-2022-3273
GHSA-9g3v-v24q-jj5p		https://github.com/advisories/GHSA-9g3v-v24q-jj5p

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/advisories/GHSA-9g3v-v24q-jj5p

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/ikus060/rdiffweb

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/ikus060/rdiffweb/commit/b5e3bb0a98268d18ceead36ab9b2b7eaacd659a8

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/ikus060/rdiffweb/commit/b5e3bb0a98268d18ceead36ab9b2b7eaacd659a8

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-43156.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://huntr.dev/bounties/a6df4bad-3382-4add-8918-760d885690f6

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://huntr.dev/bounties/a6df4bad-3382-4add-8918-760d885690f6

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2022-3273

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.41861
EPSS Score	0.00198
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-11T20:32:45.056977+00:00	GHSA Importer	Import	https://github.com/advisories/GHSA-9g3v-v24q-jj5p	38.6.0