Skip to main content

Passwork

7 CVEs product

Monthly

CVE-2023-49949 HIGH POC This Week

Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Passwork
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2022-42956 HIGH This Week

The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain the cleartext master password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Passwork
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-42955 HIGH This Week

The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain cleartext cached credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Passwork
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-25269 MEDIUM This Month

Passwork On-Premise Edition before 4.6.13 has multiple XSS issues. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Passwork
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-25268 HIGH This Week

Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsystems. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Passwork
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-25267 HIGH This Week

Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal (to upload files). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Passwork
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-25266 MEDIUM This Month

Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal (to read files). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Passwork
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
EPSS 1% CVSS 8.1
HIGH POC This Week

Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Passwork
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain the cleartext master password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Passwork
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain cleartext cached credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Passwork
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Passwork On-Premise Edition before 4.6.13 has multiple XSS issues. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Passwork
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsystems. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Passwork
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal (to upload files). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Passwork
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM This Month

Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal (to read files). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Passwork
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy