vaultwarden allows RCE in the admin panel

vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Attacker with authenticated access to the vaultwarden admin panel can execute arbitrary code in the system. The attacker could then change some settings to use sendmail as mail agent but adjust the settings in such a way that it would use a shell command. It then also needed to craft a special favicon image which would have the commands embedded to run during for example sending a test email. This vulnerability is fixed in 1.33.0.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

输出中的特殊元素转义处理不恰当(注入)

vaultwarden 注入漏洞

Vaultwarden是Daniel García个人开发者的一个用 Rust 编写的 Bitwarden 服务器 API 的替代实现。 vaultwarden存在注入漏洞，该漏洞源于已认证的攻击者可通过系统管理员面板执行任意代码，并利用特殊构造的favicon图像进行攻击。

N/A

N/A