Description
Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, there is a privilege escalation vulnerability via bulk permission update to unauthorized collections by Manager. This issue has been patched in version 1.35.4.
A flaw was found in Vaultwarden. A Manager, an authorized but limited user, can perform a bulk permission update on collections they are not authorized to access. This leads to privilege escalation, giving the Manager unauthorized access to and control over those collections.
Report
IMPORTANT: This privilege escalation vulnerability in Vaultwarden allows a Manager to update permissions for unauthorized collections. This flaw affects Vaultwarden versions prior to 1.35.4, enabling a malicious or compromised Manager account to gain elevated privileges beyond their intended scope within the application.
Additional information
Status:
EPSS:
CVSS3: 8.1 High
Related vulnerabilities
Vaultwarden has Privilege Escalation via Bulk Permission Update to Unauthorized Collections by Manager