Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information. Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
vaultwarden allows RCE in the admin panel
Vulnerability Description
vaultwarden is an unofficial Bitwarden-compatible server written in Rust, formerly known as bitwarden_rs. An attacker with authenticated access to the vaultwarden admin panel can execute arbitrary code on the system. The attacker could change settings to use sendmail as the mail agent, but adjust those settings so that a shell command is used instead. A specially crafted favicon image with the commands embedded was also needed, which would then be executed during, for example, the sending of a test email. This vulnerability is fixed in 1.33.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
Improper neutralization of special elements in output (injection)
Vulnerability Title
vaultwarden injection vulnerability
Vulnerability Description
Vaultwarden is an alternative implementation of the Bitwarden server API written in Rust, developed by the individual developer Daniel García. vaultwarden has an injection vulnerability, which stems from an authenticated attacker being able to execute arbitrary code through the system administrator panel, using a specially crafted favicon image to carry out the attack.
CVSS Information
N/A
Vulnerability Type
N/A