Описание
Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, an authenticated regular user can specify another user’s cipher_id and call "PUT /api/ciphers/{id}/partial" Even though the standard retrieval API correctly denies access to that cipher, the partial update endpoint returns 200 OK and exposes cipherDetails (including name, notes, data, secureNote, etc.). This issue has been patched in version 1.35.4.
A flaw was found in Vaultwarden, an unofficial Bitwarden compatible server. An authenticated regular user can exploit this by specifying another user’s cipher identifier (cipher_id) and making a partial update request to the API. This action bypasses standard access controls, leading to the exposure of sensitive cipher details, such as names, notes, and data, belonging to other users. This vulnerability results in information disclosure.
Отчет
This MODERATE information disclosure vulnerability in Vaultwarden allows an authenticated user to retrieve another user's cipher details via the partial update API endpoint (CWE-639 IDOR). Exploitation requires network access and valid authentication (PR:L). Impact is limited to high confidentiality loss (exposure of names, notes, secure notes); no integrity or availability impact. Affects versions prior to 1.35.4. Red Hat does not ship Vaultwarden.
Дополнительная информация
Статус:
6.5 Medium
CVSS3
Связанные уязвимости
Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, an authenticated regular user can specify another user’s cipher_id and call "PUT /api/ciphers/{id}/partial" Even though the standard retrieval API correctly denies access to that cipher, the partial update endpoint returns 200 OK and exposes cipherDetails (including name, notes, data, secureNote, etc.). This issue has been patched in version 1.35.4.
Vaultwarden is an unofficial Bitwarden compatible server written in Ru ...
Vaultwarden has Unauthorized Access via Partial Update API on Another User’s Cipher
6.5 Medium
CVSS3