Description
vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to 1.35.3, a regular organization member can retrieve all ciphers within an organization, regardless of collection permissions. The endpoint /ciphers/organization-details is accessible to any organization member and internally uses Cipher::find_by_org to retrieve all ciphers. These ciphers are returned with CipherSyncType::Organization without enforcing collection-level access control. This vulnerability is fixed in 1.35.3.
A flaw was found in vaultwarden, an unofficial Bitwarden compatible server. A regular organization member can retrieve all ciphers (encrypted data) within an organization, bypassing collection-level access controls. This allows for unauthorized information disclosure, potentially exposing sensitive data.
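To make the access-control gap concrete, below is an added, simplified Rust model of organization ciphers and collection grants. It is example code written for this page, not vaultwarden's code and not its actual fix; the types (Cipher, Membership, Store), the access_all flag for owner/admin style members, the function names and the sample data are all assumptions. The vulnerable function gates only on organization membership and returns everything the org-wide lookup yields, mirroring the pattern described above; the hardened function additionally restricts the result to ciphers in at least one collection the member was granted.

```rust
use std::collections::HashSet;

/// An organization-owned encrypted vault item. The payload is opaque to the
/// server; what matters here is which collections it is filed under.
#[derive(Debug, Clone, PartialEq, Eq)]
struct Cipher {
    id: u32,
    org_id: u32,
    collection_ids: Vec<u32>,
}

/// A user's membership in an organization. `access_all` models the
/// owner/admin case where every collection is readable (assumption, not
/// vaultwarden's data model).
#[derive(Debug, Clone)]
struct Membership {
    user_id: u32,
    org_id: u32,
    access_all: bool,
    /// Collections explicitly granted to this member.
    collection_ids: Vec<u32>,
}

struct Store {
    ciphers: Vec<Cipher>,
    memberships: Vec<Membership>,
}

impl Store {
    fn membership(&self, user_id: u32, org_id: u32) -> Option<&Membership> {
        self.memberships.iter().find(|m| m.user_id == user_id && m.org_id == org_id)
    }

    /// Every cipher owned by the organization, with no per-user filtering.
    fn find_by_org(&self, org_id: u32) -> Vec<Cipher> {
        self.ciphers.iter().filter(|c| c.org_id == org_id).cloned().collect()
    }

    /// Vulnerable shape: the only gate is organization membership, so a
    /// regular member receives ciphers from collections they were never granted.
    fn organization_details_vulnerable(&self, user_id: u32, org_id: u32) -> Option<Vec<Cipher>> {
        self.membership(user_id, org_id)?;
        Some(self.find_by_org(org_id))
    }

    /// Hardened shape: membership is still required, and the result is then
    /// restricted to ciphers in at least one collection the member can read
    /// (or left unfiltered for access_all members).
    fn organization_details_fixed(&self, user_id: u32, org_id: u32) -> Option<Vec<Cipher>> {
        let m = self.membership(user_id, org_id)?;
        let all = self.find_by_org(org_id);
        if m.access_all {
            return Some(all);
        }
        let allowed: HashSet<u32> = m.collection_ids.iter().copied().collect();
        Some(all
            .into_iter()
            .filter(|c| c.collection_ids.iter().any(|id| allowed.contains(id)))
            .collect())
    }
}

/// Constructed sample data: org 1 has three ciphers across two collections,
/// org 2 has one cipher. User 1 is a regular member of org 1 with access to
/// collection 100 only; user 2 is an access_all member of org 1; user 3 is
/// not a member of anything.
fn sample_store() -> Store {
    Store {
        ciphers: vec![
            Cipher { id: 10, org_id: 1, collection_ids: vec![100] },
            Cipher { id: 11, org_id: 1, collection_ids: vec![101] },
            Cipher { id: 12, org_id: 1, collection_ids: vec![100, 101] },
            Cipher { id: 20, org_id: 2, collection_ids: vec![200] },
        ],
        memberships: vec![
            Membership { user_id: 1, org_id: 1, access_all: false, collection_ids: vec![100] },
            Membership { user_id: 2, org_id: 1, access_all: true, collection_ids: vec![] },
        ],
    }
}

/// Sorted cipher ids, for comparing results.
fn ids(ciphers: Option<Vec<Cipher>>) -> Option<Vec<u32>> {
    ciphers.map(|cs| {
        let mut v: Vec<u32> = cs.iter().map(|c| c.id).collect();
        v.sort_unstable();
        v
    })
}

fn main() {
    let store = sample_store();
    println!("vulnerable, user 1: {:?}", ids(store.organization_details_vulnerable(1, 1)));
    println!("fixed, user 1:      {:?}", ids(store.organization_details_fixed(1, 1)));
    println!("fixed, user 2:      {:?}", ids(store.organization_details_fixed(2, 1)));
    println!("fixed, non-member:  {:?}", ids(store.organization_details_fixed(3, 1)));
}
```

Compile it with rustc and run the binary: the vulnerable path hands user 1 all three ciphers of org 1, the hardened path only the two filed under collection 100. The practical point is that an org-wide query behind an endpoint every member can reach is only safe if the result is post-filtered per user (or the query itself is scoped to the caller's grants), and that the filter must still honour members who legitimately see all collections.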
Statement
MODERATE: This flaw allows an authenticated organization member to bypass collection permissions and enumerate all ciphers within a Vaultwarden organization. This could lead to unauthorized disclosure of sensitive information. Red Hat does not ship Vaultwarden as part of its products; however, customers deploying Vaultwarden in their environment may be affected.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Additional information
CVSS3 score: 6.5 (Medium)