{
  "id": "CVE-2024-56335",
  "cveTags": [],
  "metrics": {
    "cvssMetricV31": [
      {
        "type": "Secondary",
        "source": "security-advisories@github.com",
        "cvssData": {
          "scope": "UNCHANGED",
          "version": "3.1",
          "baseScore": 7.6,
          "attackVector": "NETWORK",
          "baseSeverity": "HIGH",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
          "integrityImpact": "HIGH",
          "userInteraction": "NONE",
          "attackComplexity": "LOW",
          "availabilityImpact": "LOW",
          "privilegesRequired": "LOW",
          "confidentialityImpact": "LOW"
        },
        "impactScore": 4.7,
        "exploitabilityScore": 2.8
      }
    ]
  },
  "published": "2024-12-20T21:15:10.277",
  "references": [
    {
      "url": "https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-g65h-982x-4m5m",
      "source": "security-advisories@github.com"
    }
  ],
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "type": "Primary",
      "source": "security-advisories@github.com",
      "description": [
        {"lang": "en", "value": "CWE-269"},
        {"lang": "en", "value": "CWE-284"},
        {"lang": "en", "value": "CWE-285"},
        {"lang": "en", "value": "CWE-287"}
      ]
    }
  ],
  "descriptions": [
    {
      "lang": "en",
      "value": "vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. In affected versions an attacker is capable of updating or deleting groups from an organization given a few conditions: 1. The attacker has a user account in the server. 2. The attacker's account has admin or owner permissions in an unrelated organization. 3. The attacker knows the target organization's UUID and the target group's UUID. Note that this vulnerability is related to group functionality and as such is only applicable for servers who have enabled the `ORG_GROUPS_ENABLED` setting, which is disabled by default. This attack can lead to different situations: 1. Denial of service, the attacker can limit users from accessing the organization's data by removing their membership from the group. 2. Privilege escalation, if the attacker is part of the victim organization, they can escalate their own privileges by joining a group they wouldn't normally have access to. For attackers that aren't part of the organization, this shouldn't lead to any possible plain-text data exfiltration as all the data is encrypted client side. This vulnerability is patched in Vaultwarden `1.32.7`, and users are recommended to update as soon as possible. If it's not possible to update to `1.32.7`, some possible workarounds are: 1. Disabling `ORG_GROUPS_ENABLED`, which would disable groups functionality on the server. 2. Disabling `SIGNUPS_ALLOWED`, which would not allow an attacker to create new accounts on the server."
    },
    {
      "lang": "es",
      "value": "vaultwarden es un servidor no oficial compatible con Bitwarden escrito en Rust, anteriormente conocido como bitwarden_rs. En las versiones afectadas, un atacante puede actualizar o eliminar grupos de una organización dadas algunas condiciones: 1. El atacante tiene una cuenta de usuario en el servidor. 2. La cuenta del atacante tiene permisos de administrador o propietario en una organización no relacionada. 3. El atacante conoce el UUID de la organización objetivo y el UUID del grupo objetivo. Tenga en cuenta que esta vulnerabilidad está relacionada con la funcionalidad del grupo y, como tal, solo se aplica a los servidores que han habilitado la configuración `ORG_GROUPS_ENABLED`, que está deshabilitada de forma predeterminada. Este ataque puede conducir a diferentes situaciones: 1. Denegación de servicio, el atacante puede limitar el acceso de los usuarios a los datos de la organización eliminando su membresía del grupo. 2. Escalada de privilegios, si el atacante es parte de la organización víctima, puede escalar sus propios privilegios uniéndose a un grupo al que normalmente no tendría acceso. Para los atacantes que no forman parte de la organización, esto no debería dar lugar a ninguna posible exfiltración de datos de texto plano, ya que todos los datos están cifrados del lado del cliente. Esta vulnerabilidad está parcheada en Vaultwarden `1.32.7`, y se recomienda a los usuarios que actualicen lo antes posible. Si no es posible actualizar a `1.32.7`, algunas posibles workarounds son: 1. Deshabilitar `ORG_GROUPS_ENABLED`, que deshabilitaría la funcionalidad de grupos en el servidor. 2. Deshabilitar `SIGNUPS_ALLOWED`, que no permitiría a un atacante crear nuevas cuentas en el servidor."
    }
  ],
  "lastModified": "2024-12-20T21:15:10.277",
  "sourceIdentifier": "security-advisories@github.com"
}