CVE-2024-56335

CVSS 3.1 Score 7.6 of 10 (high)

Details

Published Dec 20, 2024

CWE ID 285

CWE ID 284

CWE ID 269

CWE ID 287

Summary

CVE-2024-56335 is a vulnerability affecting vaultwarden, an unofficial Bitwarden-compatible server written in Rust. In vulnerable versions, an attacker with a user account and admin or owner permissions in an unrelated organization can update or delete groups in a target organization, given they know the target organization's and group's UUIDs. This issue, related to the `ORG_GROUPS_ENABLED` setting, can result in denial-of-service or privilege escalation. Patched in Vaultwarden 1.32.7, it is recommended that users update as soon as possible. As interim measures, disabling `ORG_GROUPS_ENABLED` or `SIGNUPS_ALLOWED` may help mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Vaultwarden

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Predator Still Active, with New Client and Corporate Links Identified

Russia-Aligned TAG-110 Targets Tajikistan with Macro-Enabled Word Documents

Know What Matters

For Customers

For Partners