View | Details | Raw Unified | Return to bug 283435 | Differences between
and this patch

Collapse All | Expand All

(-)b/security/vuxml/vuln/2024.xml (+30 lines)
Lines 1-3 Link Here
1 
  <vuln vid="181091ba-bece-11ef-82e7-180373b66b37">
2 
    <topic>Vaultwarden -- Multiple vulnerabilities</topic>
3 
    <affects>
4 
      <package>
5 
	<name>vaultwarden</name>
6 
	<range><lt>1.32.7</lt></range>
7 
      </package>
8 
    </affects>
9 
    <description>
10 
	<body xmlns="http://www.w3.org/1999/xhtml">
11 
	<p>The Vaultwarden project reports:</p>
12 
	<blockquote cite="https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.7">
13 
	  <p>We have yet a few other security fixes for this release. We discovered
14 
	  that groups were able to be edited by any admin from any organization
15 
	  because the organization was not validated or used within the query. This
16 
	  could potentially allow an admin from other organizations to modify, or
17 
	  delete groups from any organization if they know the uuid of the
18 
	  group.</p>
19 
	</blockquote>
20 
	</body>
21 
    </description>
22 
    <references>
23 
      <url>https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.7</url>
24 
    </references>
25 
    <dates>
26 
      <discovery>2024-12-13</discovery>
27 
      <entry>2024-12-20</entry>
28 
    </dates>
29 
  </vuln>
30 

            

        

          1
          
  <vuln vid="e18c5c8d-be01-11ef-8c1c-a8a1599412c6">

          31
          
  <vuln vid="e18c5c8d-be01-11ef-8c1c-a8a1599412c6">

        

        

          2
          
    <topic>chromium -- multiple security fixes</topic>

          32
          
    <topic>chromium -- multiple security fixes</topic>

        

        

          3
          
    <affects>

          33
          
    <affects>

        






  

  Return to bug 283435