Lucene search

Alpine Linux Development TeamALPINE:CVE-2024-39924

HistorySep 13, 2024 - 6:15 p.m.

CVE-2024-39924

2024-09-1318:15:03

Alpine Linux Development Team

security.alpinelinux.org

vaultwarden bitwarden_rs authentication authorization vulnerability escalation access control unix

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

Confidence

Low

EPSS

Percentile

9.6%

JSON

An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A vulnerability has been identified in the authentication and authorization process of the endpoint responsible for altering the metadata of an emergency access. It permits an attacker with granted emergency access to escalate their privileges by changing the access level and modifying the wait time. Consequently, the attacker can gain full control over the vault (when only intended to have read access) while bypassing the necessary wait period.

OSVersionArchitecturePackageVersionFilename
Alpineedge-communitynoarchvaultwarden< 1.32.0UNKNOWN
Alpine3.20-communitynoarchvaultwarden< 1.32.0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	edge-community	noarch	vaultwarden	< 1.32.0	UNKNOWN
Alpine	3.20-community	noarch	vaultwarden	< 1.32.0	UNKNOWN

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

Confidence

Low

EPSS

Percentile

9.6%

JSON

Related for ALPINE:CVE-2024-39924