2 matches found
PT-2026-23073
Name of the Vulnerable Software and Affected Versions Vaultwarden versions prior to 1.35.4 Description Vaultwarden, a Bitwarden compatible server, had a flaw where an authenticated user could access another user’s cipher details by specifying their cipher id in a "PUT" request to the...
Contrast has insecure LUKS2 persistent storage partitions may be opened and used
Summary A malicious host may provide a crafted LUKS2 volume to a Contrast pod VM that uses the secure persistent volume feature. The guest will open the volume and write secret data using a volume key known to the attacker. LUKS2 volume metadata is a not authenticated and b supports null...