Skip to main content

Bitwarden

3 CVEs product

Monthly

CVE-2023-38840 MEDIUM PATCH This Month

Bitwarden Desktop 2023.7.0 and below allows an attacker with local access to obtain sensitive information via the Bitwarden.exe process. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Bitwarden
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2023-27706 HIGH POC This Week

Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Bitwarden
NVD GitHub
CVSS 3.1
7.1
EPSS
0.6%
CVE-2023-27974 HIGH POC This Week

Bitwarden through 2023.2.1 offers password auto-fill when the second-level domain matches, e.g., a password stored for an example.com hosting provider when customer-website.example.com is visited. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bitwarden
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Bitwarden Desktop 2023.7.0 and below allows an attacker with local access to obtain sensitive information via the Bitwarden.exe process. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Bitwarden
NVD GitHub
EPSS 1% CVSS 7.1
HIGH POC This Week

Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Bitwarden
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Bitwarden through 2023.2.1 offers password auto-fill when the second-level domain matches, e.g., a password stored for an example.com hosting provider when customer-website.example.com is visited. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bitwarden
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy