Lucene search

Passwork Security Vulnerabilities

cve

CVE-2022-25266

Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal (to read files).

4.3CVSS

4.6AI Score

0.001EPSS

2022-03-23 11:15 PM

cve

CVE-2022-25267

Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal (to upload files).

8.8CVSS

8.7AI Score

0.001EPSS

2022-03-23 11:15 PM

cve

CVE-2022-25268

Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsystems.

8.8CVSS

8.7AI Score

0.001EPSS

2022-03-23 11:15 PM

cve

CVE-2022-25269

Passwork On-Premise Edition before 4.6.13 has multiple XSS issues.

6.1CVSS

6AI Score

0.001EPSS

2022-03-23 11:15 PM

cve

CVE-2022-42955

The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain cleartext cached credentials.

7.5CVSS

7.4AI Score

0.002EPSS

2022-11-07 01:15 PM

cve

CVE-2022-42956

The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain the cleartext master password.

7.5CVSS

7.4AI Score

0.002EPSS

2022-11-07 01:15 PM

cve

CVE-2023-49949

Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes.

8.1CVSS

7.7AI Score

0.001EPSS

2023-12-26 02:15 PM