CVE-2024-55225

Опубликовано: 09 янв. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

An issue in the component src/api/identity.rs of Vaultwarden prior to v1.32.5 allows attackers to impersonate users, including Administrators, via a crafted authorization request.

Ссылки

https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.4
Release Notes
https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.5
Release Notes
https://insinuator.net/2024/11/vulnerability-disclosure-authentication-bypass-in-vaultwarden-versions-1-32-5/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dani-garcia:vaultwarden:*:*:*:*:*:*:*:*

Версия до 1.32.5 (исключая)

EPSS

Процентиль: 51%

0.00282

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-276

Связанные уязвимости

CVE-2024-55225

CVSS3: 9.8

debian

около 1 года назад

An issue in the component src/api/identity.rs of Vaultwarden prior to ...

GHSA-x7m9-mv49-fv73

github