CVE-2024-39926 – Vaultwarden is also plagued by XSS (17th Sep 2024)

Preface: Vaultwarden's built-in HTTPS functionality is provided via the Rocket web framework. Rocket's HTTPS implementation is relatively immature and has limited functionality.

Rocket is a web framework written in Rust. It supports HTTP requests, WebSockets, JSON, templating and more. Its design was inspired by Rails, Flask, Bottle, and Yesod.

Background: Vaultwarden is an unofficial Bitwarden server implementation written in Rust that is compatible with the official Bitwarden client, making it well suited to self-hosted deployments where you don't want to run the resource-intensive official Bitwarden server.

Vaultwarden implements the Bitwarden APIs required for most functionality, including the web interface (equivalent to https://vault.bitwarden.com/), event logs, password sharing and access control, etc.

Vulnerability details: An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A stored cross-site scripting (XSS) or, due to the default CSP, HTML injection vulnerability has been discovered in the admin dashboard. This potentially allows an authenticated attacker to inject malicious code into the dashboard, which is then executed or rendered in the context of an administrator’s browser when viewing the injected content. However, it is important to note that the default Content Security Policy (CSP) of the application blocks most exploitation paths, significantly mitigating the potential impact.
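As an added illustration (not Vaultwarden's own code; the function names, the sample field value and the sample policies are all constructed), the vulnerable and hardened rendering patterns side by side, plus a check of whether a given Content-Security-Policy would still let an injected inline script execute. The point the advisory makes is that a restrictive CSP stops the script from running but does not stop the HTML injection itself, so output encoding is still required:

```rust
// Added example, not Vaultwarden's code. A CSP without 'unsafe-inline' blocks
// an injected inline script, but the injected markup is still rendered, so
// the dashboard must escape user-controlled fields regardless of the policy.

/// Escape the characters that can break out of HTML text or attribute context.
pub fn html_escape(input: &str) -> String {
    let mut out = String::with_capacity(input.len());
    for c in input.chars() {
        match c {
            '&' => out.push_str("&amp;"),
            '<' => out.push_str("&lt;"),
            '>' => out.push_str("&gt;"),
            '"' => out.push_str("&quot;"),
            '\'' => out.push_str("&#x27;"),
            _ => out.push(c),
        }
    }
    out
}

/// Vulnerable pattern: a user-controlled field goes straight into the markup.
pub fn render_row_unsafe(display_name: &str) -> String {
    format!("<td>{}</td>", display_name)
}

/// Hardened pattern: the same field is escaped before it reaches the markup.
pub fn render_row_safe(display_name: &str) -> String {
    format!("<td>{}</td>", html_escape(display_name))
}

/// True if the policy would let an injected inline script execute.
/// Uses script-src, falling back to default-src; a nonce or hash source
/// disables 'unsafe-inline'; no applicable directive means no restriction.
pub fn csp_allows_inline_script(csp: &str) -> bool {
    let sources_of = |name: &str| -> Option<String> {
        csp.split(';').map(str::trim).find_map(|d| {
            let mut parts = d.splitn(2, char::is_whitespace);
            (parts.next() == Some(name)).then(|| parts.next().unwrap_or("").to_string())
        })
    };
    let sources = match sources_of("script-src").or_else(|| sources_of("default-src")) {
        Some(s) => s,
        None => return true,
    };
    let has_nonce_or_hash = sources
        .split_whitespace()
        .any(|s| s.starts_with("'nonce-") || s.starts_with("'sha"));
    sources.contains("'unsafe-inline'") && !has_nonce_or_hash
}
```

The sample field value in the test is plain HTML with no script at all, which is exactly the residual HTML-injection case the CSP does not cover.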

Official announcement: Please refer to the vendor announcement for details –

https://nvd.nist.gov/vuln/detail/CVE-2024-39926
