Описание
Vaultwarden vulnerable to user impersonation
An issue in the component src/api/identity.rs of Vaultwarden prior to v1.32.5 allows attackers to impersonate users, including Administrators, via a crafted authorization request.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2024-55225
- https://github.com/dani-garcia/vaultwarden/commit/20d9e885bfcd7df7828d92c6e59ed5fe7b40a879
- https://github.com/dani-garcia/vaultwarden/commit/37c14c3c69b244ec50f5c62b4c9260171607c1d8
- https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.4
- https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.5
- https://insinuator.net/2024/11/vulnerability-disclosure-authentication-bypass-in-vaultwarden-versions-1-32-5
Пакеты
Наименование
vaultwarden
rust
Затронутые версииВерсия исправления
< 1.32.5
1.32.5
Связанные уязвимости
CVSS3: 9.8
nvd
около 1 года назад
An issue in the component src/api/identity.rs of Vaultwarden prior to v1.32.5 allows attackers to impersonate users, including Administrators, via a crafted authorization request.
CVSS3: 9.8
debian
около 1 года назад
An issue in the component src/api/identity.rs of Vaultwarden prior to ...