High severityNVD Advisory· Published Jan 9, 2025· Updated Jan 10, 2025
CVE-2024-55225
CVE-2024-55225
Description
An issue in the component src/api/identity.rs of Vaultwarden prior to v1.32.5 allows attackers to impersonate users, including Administrators, via a crafted authorization request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
vaultwardencrates.io | < 1.32.5 | 1.32.5 |
Affected products
2- Vaultwarden/Vaultwardendescription
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-x7m9-mv49-fv73ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-55225ghsaADVISORY
- github.com/dani-garcia/vaultwarden/commit/20d9e885bfcd7df7828d92c6e59ed5fe7b40a879ghsaWEB
- github.com/dani-garcia/vaultwarden/commit/37c14c3c69b244ec50f5c62b4c9260171607c1d8ghsaWEB
- github.com/dani-garcia/vaultwarden/releases/tag/1.32.4ghsaWEB
- github.com/dani-garcia/vaultwarden/releases/tag/1.32.5ghsaWEB
- insinuator.net/2024/11/vulnerability-disclosure-authentication-bypass-in-vaultwarden-versions-1-32-5ghsaWEB
- insinuator.net/2024/11/vulnerability-disclosure-authentication-bypass-in-vaultwarden-versions-1-32-5/mitre
News mentions
0No linked articles in our index yet.