exploitDog

CVE-2024-55226

Опубликовано: 09 янв. 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Vaultwarden v1.32.5 was discovered to contain an authenticated reflected cross-site scripting (XSS) vulnerability via the component /api/core/mod.rs.

Ссылки

https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.4
Release Notes
https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.5
Release Notes
https://insinuator.net/2024/11/vulnerability-disclosure-authentication-bypass-in-vaultwarden-versions-1-32-5/
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dani-garcia:vaultwarden:1.32.5:*:*:*:*:*:*:*

EPSS

Процентиль: 35%

0.00144

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

CVE-2024-55226

CVSS3: 5.4

debian

около 1 года назад

Vaultwarden v1.32.5 was discovered to contain an authenticated reflect ...

GHSA-vprm-27pv-jp3w

github

около 1 года назад

Vaultwarden authenticated reflected cross-site scripting (XSS) vulnerability

EPSS

Процентиль: 35%

0.00144

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79