CVE-2024-33669

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-33669

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-33669.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-33669

Aliases

GHSA-xfq4-78j7-v594

Published

2024-04-26T01:15:46Z

Modified

2025-06-20T03:56:52.847230Z

Severity

6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in Passbolt Browser Extension before 4.6.2. It can send multiple requests to HaveIBeenPwned while a password is being typed, which results in an information leak. This allows an attacker capable of observing Passbolt's HTTPS queries to the Pwned Password API to more easily brute force passwords that are manually typed by the user.

References

Affected packages

Git / github.com/passbolt/passbolt_browser_extension

Affected ranges

Type: GIT
Repo: https://github.com/passbolt/passbolt_browser_extension
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

aa7bd7636f8551e3e927ca195c326490308b0108

Affected versions

1.*

1.0.3

1.0.4

v1.*

v1.0.10

v1.0.11

v1.0.12

v1.0.13

v1.0.5

v1.0.6

v1.0.7

v1.0.9

v1.0.9-b

v1.1.0

v1.1.1

v1.2.0

v1.3.0

v1.3.1

v1.3.2

v1.4.0

v1.4.2

v1.4.3

v1.5.1

v1.6.0

v1.6.1

v1.6.10

v1.6.2

v1.6.3

v1.6.4

v1.6.5

v1.6.6

v1.6.7

v1.6.8

v1.6.9

v2.*

v2.0.5

v2.0.7

v2.0.8

v2.0.9

v2.10.0

v2.10.1

v2.10.2

v2.11.0

v2.11.1

v2.11.2

v2.11.3

v2.12.0

v2.12.1

v2.12.2

v2.12.3

v2.13.0

v2.13.1

v2.13.2

v2.13.3

v2.13.4

v2.13.5

v2.13.6

v2.13.7

v2.13.8

v2.2.0

v2.2.1

v2.4

v2.4.1

v2.4.2

v2.4.3

v2.4.4

v2.4.5

v2.4.6

v2.7

v2.8.0

v2.8.1

v2.8.2

v2.8.3

v2.9.0

v2.9.1

v2.9.2

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.0.3

v3.0.4

v3.0.5

v3.0.6

v3.0.7

v3.1.0

v3.10.0

v3.11.0

v3.11.1

v3.11.2

v3.12.0

v3.12.1

v3.2.0

v3.2.1

v3.2.2

v3.2.3

v3.3.0

v3.3.1

v3.4.0

v3.5.0

v3.5.1

v3.5.2

v3.6.0

v3.6.1

v3.6.2

v3.7.0

v3.7.1

v3.7.2

v3.7.3

v3.8.0

v3.8.2

v3.9.0

v3.9.1

v3.9.2

v4.*

v4.0.0

v4.0.1

v4.0.3

v4.0.3-rc.0

v4.0.4

v4.0.4-rc.0

v4.1.0

v4.1.0-rc.1

v4.1.0-rc.2

v4.1.2

v4.1.2-rc.1

v4.2.0

v4.2.0-rc.0

v4.3.0

v4.3.0-rc.0

v4.3.1

v4.3.1-rc.0

v4.4.0

v4.4.0-rc.0

v4.4.2

v4.4.2-rc.0

v4.5.0

v4.5.0-rc.0

v4.5.1

v4.5.1-rc.0

v4.5.2

v4.5.2-rc.0

v4.6.0

v4.6.0-rc.0

v4.6.2-rc.0