CVE-2024-33669

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-33669
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-33669.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-33669
Aliases
Published
2024-04-26T01:15:46Z
Modified
2025-06-20T03:56:52.847230Z
Severity
  • 6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Summary
[none]
Details

An issue was discovered in Passbolt Browser Extension before 4.6.2. It can send multiple requests to HaveIBeenPwned while a password is being typed, which results in an information leak. This allows an attacker capable of observing Passbolt's HTTPS queries to the Pwned Password API to more easily brute force passwords that are manually typed by the user.

References

Affected packages

Git / github.com/passbolt/passbolt_browser_extension

Affected ranges

Type
GIT
Repo
https://github.com/passbolt/passbolt_browser_extension
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1.*

1.0.3
1.0.4

v1.*

v1.0.10
v1.0.11
v1.0.12
v1.0.13
v1.0.5
v1.0.6
v1.0.7
v1.0.9
v1.0.9-b
v1.1.0
v1.1.1
v1.2.0
v1.3.0
v1.3.1
v1.3.2
v1.4.0
v1.4.2
v1.4.3
v1.5.1
v1.6.0
v1.6.1
v1.6.10
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.6.6
v1.6.7
v1.6.8
v1.6.9

v2.*

v2.0.5
v2.0.7
v2.0.8
v2.0.9
v2.10.0
v2.10.1
v2.10.2
v2.11.0
v2.11.1
v2.11.2
v2.11.3
v2.12.0
v2.12.1
v2.12.2
v2.12.3
v2.13.0
v2.13.1
v2.13.2
v2.13.3
v2.13.4
v2.13.5
v2.13.6
v2.13.7
v2.13.8
v2.2.0
v2.2.1
v2.4
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.7
v2.8.0
v2.8.1
v2.8.2
v2.8.3
v2.9.0
v2.9.1
v2.9.2

v3.*

v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.1.0
v3.10.0
v3.11.0
v3.11.1
v3.11.2
v3.12.0
v3.12.1
v3.2.0
v3.2.1
v3.2.2
v3.2.3
v3.3.0
v3.3.1
v3.4.0
v3.5.0
v3.5.1
v3.5.2
v3.6.0
v3.6.1
v3.6.2
v3.7.0
v3.7.1
v3.7.2
v3.7.3
v3.8.0
v3.8.2
v3.9.0
v3.9.1
v3.9.2

v4.*

v4.0.0
v4.0.1
v4.0.3
v4.0.3-rc.0
v4.0.4
v4.0.4-rc.0
v4.1.0
v4.1.0-rc.1
v4.1.0-rc.2
v4.1.2
v4.1.2-rc.1
v4.2.0
v4.2.0-rc.0
v4.3.0
v4.3.0-rc.0
v4.3.1
v4.3.1-rc.0
v4.4.0
v4.4.0-rc.0
v4.4.2
v4.4.2-rc.0
v4.5.0
v4.5.0-rc.0
v4.5.1
v4.5.1-rc.0
v4.5.2
v4.5.2-rc.0
v4.6.0
v4.6.0-rc.0
v4.6.2-rc.0