CVE-2024-56335

{"id": "CVE-2024-56335", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 4.7, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "published": "2024-12-20T21:15:10.277", "references": [{"url": "https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-g65h-982x-4m5m", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-269"}, {"lang": "en", "value": "CWE-284"}, {"lang": "en", "value": "CWE-285"}, {"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. In affected versions an attacker is capable of updating or deleting groups from an organization given a few conditions: 1. The attacker has a user account in the server. 2. The attacker's account has admin or owner permissions in an unrelated organization. 3. The attacker knows the target organization's UUID and the target group's UUID. Note that this vulnerability is related to group functionality and as such is only applicable for servers who have enabled the `ORG_GROUPS_ENABLED` setting, which is disabled by default. This attack can lead to different situations: 1. Denial of service, the attacker can limit users from accessing the organization's data by removing their membership from the group. 2. Privilege escalation, if the attacker is part of the victim organization, they can escalate their own privileges by joining a group they wouldn't normally have access to. For attackers that aren't part of the organization, this shouldn't lead to any possible plain-text data exfiltration as all the data is encrypted client side. This vulnerability is patched in Vaultwarden `1.32.7`, and users are recommended to update as soon as possible. If it's not possible to update to `1.32.7`, some possible workarounds are: 1. Disabling `ORG_GROUPS_ENABLED`, which would disable groups functionality on the server. 2. Disabling `SIGNUPS_ALLOWED`, which would not allow an attacker to create new accounts on the server."}, {"lang": "es", "value": "vaultwarden es un servidor no oficial compatible con Bitwarden escrito en Rust, anteriormente conocido como bitwarden_rs. En las versiones afectadas, un atacante puede actualizar o eliminar grupos de una organizaci\u00f3n dadas algunas condiciones: 1. El atacante tiene una cuenta de usuario en el servidor. 2. La cuenta del atacante tiene permisos de administrador o propietario en una organizaci\u00f3n no relacionada. 3. El atacante conoce el UUID de la organizaci\u00f3n objetivo y el UUID del grupo objetivo. Tenga en cuenta que esta vulnerabilidad est\u00e1 relacionada con la funcionalidad del grupo y, como tal, solo se aplica a los servidores que han habilitado la configuraci\u00f3n `ORG_GROUPS_ENABLED`, que est\u00e1 deshabilitada de forma predeterminada. Este ataque puede conducir a diferentes situaciones: 1. Denegaci\u00f3n de servicio, el atacante puede limitar el acceso de los usuarios a los datos de la organizaci\u00f3n eliminando su membres\u00eda del grupo. 2. Escalada de privilegios, si el atacante es parte de la organizaci\u00f3n v\u00edctima, puede escalar sus propios privilegios uni\u00e9ndose a un grupo al que normalmente no tendr\u00eda acceso. Para los atacantes que no forman parte de la organizaci\u00f3n, esto no deber\u00eda dar lugar a ninguna posible exfiltraci\u00f3n de datos de texto plano, ya que todos los datos est\u00e1n cifrados del lado del cliente. Esta vulnerabilidad est\u00e1 parcheada en Vaultwarden `1.32.7`, y se recomienda a los usuarios que actualicen lo antes posible. Si no es posible actualizar a `1.32.7`, algunas posibles workarounds son: 1. Deshabilitar `ORG_GROUPS_ENABLED`, que deshabilitar\u00eda la funcionalidad de grupos en el servidor. 2. Deshabilitar `SIGNUPS_ALLOWED`, que no permitir\u00eda a un atacante crear nuevas cuentas en el servidor."}], "lastModified": "2025-08-19T13:46:58.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dani-garcia:vaultwarden:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FB400CF-9812-4941-B31C-3518A966E5C1", "versionEndExcluding": "1.32.7"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}