CVE-2024-56335

Source
https://cve.org/CVERecord?id=CVE-2024-56335
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56335.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-56335
Aliases
  • GHSA-g65h-982x-4m5m
Published
2024-12-20T20:15:35.854Z
Modified
2026-04-10T05:18:45.747667Z
Severity
  • 7.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L CVSS Calculator
Summary
Privilege escalation allows organization groups to be updated/deleted if their UUID is known in vaultwarden
Details

vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. In affected versions an attacker is capable of updating or deleting groups from an organization given a few conditions: 1. The attacker has a user account in the server. 2. The attacker's account has admin or owner permissions in an unrelated organization. 3. The attacker knows the target organization's UUID and the target group's UUID. Note that this vulnerability is related to group functionality and as such is only applicable for servers who have enabled the ORG_GROUPS_ENABLED setting, which is disabled by default. This attack can lead to different situations: 1. Denial of service, the attacker can limit users from accessing the organization's data by removing their membership from the group. 2. Privilege escalation, if the attacker is part of the victim organization, they can escalate their own privileges by joining a group they wouldn't normally have access to. For attackers that aren't part of the organization, this shouldn't lead to any possible plain-text data exfiltration as all the data is encrypted client side. This vulnerability is patched in Vaultwarden 1.32.7, and users are recommended to update as soon as possible. If it's not possible to update to 1.32.7, some possible workarounds are: 1. Disabling ORG_GROUPS_ENABLED, which would disable groups functionality on the server. 2. Disabling SIGNUPS_ALLOWED, which would not allow an attacker to create new accounts on the server.

Database specific
{
    "cwe_ids": [
        "CWE-269",
        "CWE-284",
        "CWE-285",
        "CWE-287"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56335.json"
}
References

Affected packages

Git / github.com/dani-garcia/vaultwarden

Affected ranges

Type
GIT
Repo
https://github.com/dani-garcia/vaultwarden
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*
0.10.0
0.11.0
0.12.0
0.13.0
1.*
1.0.0
1.1.0
1.10.0
1.11.0
1.12.0
1.13.0
1.13.1
1.14
1.14.1
1.14.2
1.15.0
1.15.1
1.16.0
1.16.1
1.16.2
1.16.3
1.17.0
1.18.0
1.19.0
1.2.0
1.20.0
1.21.0
1.22.0
1.22.1
1.22.2
1.23.0
1.23.1
1.24.0
1.25.0
1.25.1
1.25.2
1.26.0
1.27.0
1.28.0
1.28.1
1.29.0
1.29.1
1.29.2
1.3.0
1.30.0
1.30.1
1.30.2
1.30.3
1.30.4
1.30.5
1.31.0
1.32.0
1.32.1
1.32.2
1.32.3
1.32.4
1.32.5
1.32.6
1.4.0
1.5.0
1.6.0
1.6.1
1.7.0
1.8.0
1.9.0
1.9.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56335.json"