<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Mon, 01 Jun 2026 11:19:32 +0000</lastBuildDate>
    <item>
      <title>54279d09-dbe0-4364-bef7-e52ff79291eb</title>
      <link>https://vulnerability.circl.lu/sighting/54279d09-dbe0-4364-bef7-e52ff79291eb/export</link>
      <description>{"uuid": "54279d09-dbe0-4364-bef7-e52ff79291eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39925", "type": "seen", "source": "https://t.me/cvedetector/5647", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39925 - Vaultwarden (formerly Bitwarden_RS) Key Leak and Unauthorized Data Access Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-39925 \nPublished : Sept. 13, 2024, 6:15 p.m. | 39\u00a0minutes ago \nDescription : An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. It lacks an offboarding process for members who leave an organization. As a result, the shared organization key is not rotated when a member departs. Consequently, the departing member, whose access should be revoked, retains a copy of the organization key. Additionally, the application fails to adequately protect some encrypted data stored on the server. Consequently, an authenticated user could gain unauthorized access to encrypted data of any organization, even if the user is not a member of the targeted organization. However, the user would need to know the corresponding organizationId. Hence, if a user (whose access to an organization has been revoked) already possesses the organization key, that user could use the key to decrypt the leaked data. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-13T21:19:05.000000Z"}</description>
      <content:encoded>{"uuid": "54279d09-dbe0-4364-bef7-e52ff79291eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39925", "type": "seen", "source": "https://t.me/cvedetector/5647", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39925 - Vaultwarden (formerly Bitwarden_RS) Key Leak and Unauthorized Data Access Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-39925 \nPublished : Sept. 13, 2024, 6:15 p.m. | 39\u00a0minutes ago \nDescription : An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. It lacks an offboarding process for members who leave an organization. As a result, the shared organization key is not rotated when a member departs. Consequently, the departing member, whose access should be revoked, retains a copy of the organization key. Additionally, the application fails to adequately protect some encrypted data stored on the server. Consequently, an authenticated user could gain unauthorized access to encrypted data of any organization, even if the user is not a member of the targeted organization. However, the user would need to know the corresponding organizationId. Hence, if a user (whose access to an organization has been revoked) already possesses the organization key, that user could use the key to decrypt the leaked data. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-13T21:19:05.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/54279d09-dbe0-4364-bef7-e52ff79291eb/export</guid>
      <pubDate>Fri, 13 Sep 2024 21:19:05 +0000</pubDate>
    </item>
    <item>
      <title>069d74be-e15d-46c5-b07e-d0c4bea5624e</title>
      <link>https://vulnerability.circl.lu/sighting/069d74be-e15d-46c5-b07e-d0c4bea5624e/export</link>
      <description>{"uuid": "069d74be-e15d-46c5-b07e-d0c4bea5624e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39925", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1013", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-39925\n\ud83d\udd39 Description: An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. It lacks an offboarding process for members who leave an organization. As a result, the shared organization key is not rotated when a member departs. Consequently, the departing member, whose access should be revoked, retains a copy of the organization key. Additionally, the application fails to adequately protect some encrypted data stored on the server. Consequently, an authenticated user could gain unauthorized access to encrypted data of any organization, even if the user is not a member of the targeted organization. However, the user would need to know the corresponding organizationId. Hence, if a user (whose access to an organization has been revoked) already possesses the organization key, that user could use the key to decrypt the leaked data.\n\ud83d\udccf Published: 2024-09-13T00:00:00\n\ud83d\udccf Modified: 2025-01-09T17:35:37.275Z\n\ud83d\udd17 References:\n1. https://github.com/dani-garcia/vaultwarden/releases\n2. https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.0\n3. https://www.mgm-sp.com/cve/missing-rotation-of-the-organization-key", "creation_timestamp": "2025-01-09T18:20:55.000000Z"}</description>
      <content:encoded>{"uuid": "069d74be-e15d-46c5-b07e-d0c4bea5624e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39925", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1013", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-39925\n\ud83d\udd39 Description: An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. It lacks an offboarding process for members who leave an organization. As a result, the shared organization key is not rotated when a member departs. Consequently, the departing member, whose access should be revoked, retains a copy of the organization key. Additionally, the application fails to adequately protect some encrypted data stored on the server. Consequently, an authenticated user could gain unauthorized access to encrypted data of any organization, even if the user is not a member of the targeted organization. However, the user would need to know the corresponding organizationId. Hence, if a user (whose access to an organization has been revoked) already possesses the organization key, that user could use the key to decrypt the leaked data.\n\ud83d\udccf Published: 2024-09-13T00:00:00\n\ud83d\udccf Modified: 2025-01-09T17:35:37.275Z\n\ud83d\udd17 References:\n1. https://github.com/dani-garcia/vaultwarden/releases\n2. https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.0\n3. https://www.mgm-sp.com/cve/missing-rotation-of-the-organization-key", "creation_timestamp": "2025-01-09T18:20:55.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/069d74be-e15d-46c5-b07e-d0c4bea5624e/export</guid>
      <pubDate>Thu, 09 Jan 2025 18:20:55 +0000</pubDate>
    </item>
  </channel>
</rss>
