New CVE #335

Closed
dm82m opened this issue Dec 20, 2024 · 3 comments

dm82m commented Dec 20, 2024

Problem

There is a critical CVE reported and fixed: https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.7

Proposed changes

Update to the latest version.

Maybe you could upgrade it, @frenck, much appreciated.

Author

dm82m commented Dec 20, 2024

Renovate already updated, so only the release is open: 47b6562

Member

sinclairpaul commented Dec 20, 2024

Adding the details of the workarounds, which likely already apply to the majority of users. Should note ORG_GROUPS_ENABLED defaults to off.

Workarounds
If it's not possible to update to 1.32.7, some possible workarounds are:

Disabling ORG_GROUPS_ENABLED, which would disable groups functionality on the server.
Disabling SIGNUPS_ALLOWED, which would not allow an attacker to create new accounts on the server.
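
An added example, not part of the issue or of either project's code: a shell check that reports whether the two workarounds quoted above are in effect for a given configuration. It assumes the settings are supplied in a KEY=value env file (the file and the function names are hypothetical), that the value "false" means disabled, and that SIGNUPS_ALLOWED counts as enabled when unset.

```shell
#!/bin/sh
# Added example, not project code. Assumptions: settings are supplied in a
# KEY=value env file, the last assignment of a key wins, "false" means
# disabled, and SIGNUPS_ALLOWED counts as enabled when unset.

# effective_value FILE KEY DEFAULT: print the lower-cased effective value.
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }                        # skip comment lines
        {
            line = $0
            sub(/^[ \t]*/, "", line)
            if (index(line, key "=") != 1) next    # exact key at line start
            val = substr(line, length(key) + 2)
            sub(/[ \t\r]+$/, "", val)              # trailing blanks, CR
            gsub("^[\"\047]|[\"\047]$", "", val)   # surrounding quotes
            if (val != "") found = tolower(val)    # empty values are ignored
        }
        END { print (found == "" ? def : found) }
    ' "$1"
}

# check_workarounds FILE: report both settings; the exit status is the
# number of workarounds that are NOT in effect (0, 1 or 2).
check_workarounds() {
    missing=0
    groups=$(effective_value "$1" ORG_GROUPS_ENABLED false)  # off by default
    signups=$(effective_value "$1" SIGNUPS_ALLOWED true)     # assumed default
    for pair in "ORG_GROUPS_ENABLED=$groups" "SIGNUPS_ALLOWED=$signups"; do
        if [ "${pair#*=}" = "false" ]; then
            echo "${pair%%=*}: disabled, workaround in effect"
        else
            echo "${pair%%=*}: ${pair#*=}, workaround NOT in effect"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Constructed sample configuration, not taken from a real deployment.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# vaultwarden settings (constructed)
ORG_GROUPS_ENABLED=true
SIGNUPS_ALLOWED="false"
EOF
check_workarounds "$sample" || echo "workarounds missing: $?"
rm -f "$sample"
```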

Member

frenck commented Dec 22, 2024

https://github.com/hassio-addons/addon-bitwarden/releases/tag/v0.23.7

frenck closed this as not planned Dec 22, 2024