cvedb.io
CVE-2024-56335
HIGH · CVSS 7.6
EPSS exploitation probability: 0%
Published 2024-12-20T21:15:10.277 · Last modified 2026-06-17T08:12:04.060

Summary

vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. In affected versions an attacker is capable of updating or deleting groups from an organization given a few conditions: 1. The attacker has a user account in the server. 2. The attacker's account has admin or owner permissions in an unrelated organization. 3. The attacker knows the target organization's UUID and the target group's UUID. Note that this vulnerability is related to group functionality and as such is only applicable for servers who have enabled the `ORG_GROUPS_ENABLED` setting, which is disabled by default. This attack can lead to different situations: 1. Denial of service, the attacker can limit users from accessing the organization's data by removing their membership fro

Affected products

dani-garcia — vaultwarden

Does this affect you?

Add your gear to cvedb and we'll alert you only when dani-garcia ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.