Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Vaultwarden: Privilege Escalation via Bulk Permission Update to Unauthorized Collections by Manager
Vulnerability Description
Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, there is a privilege escalation vulnerability via bulk permission update to unauthorized collections by Manager. This issue has been patched in version 1.35.4.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Vulnerability Type
特权管理不恰当
Vulnerability Title
Vaultwarden 安全漏洞
Vulnerability Description
Vaultwarden是Daniel García个人开发者的一个用 Rust 编写的 Bitwarden 服务器 API 的替代实现。 Vaultwarden 1.35.4之前版本存在安全漏洞,该漏洞源于Manager可通过批量权限更新访问未授权集合,可能导致权限提升。
CVSS Information
N/A
Vulnerability Type
N/A