漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Bitwarden Server < 2026.5.0 Privilege Escalation via Bulk User Remove Endpoint
Vulnerability Description
Bitwarden Server before 2026.5.0 contains a privilege escalation vulnerability that allows authenticated Custom users with ManageUsers permission to remove Admin accounts from an organization by exploiting a missing role hierarchy check in the bulk user-remove endpoint. Attackers can supply Admin organization-user IDs in a bulk DELETE request to bypass the guard enforced on the single-user removal path, effectively removing one or more Admin accounts from an organization.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Vulnerability Type
授权机制缺失
Vulnerability Title
Bitwarden Server 授权问题漏洞
Vulnerability Description
Bitwarden server是美国Bitwarden公司开源的一款密码管理服务器软件。 Bitwarden Server 2026.5.0之前版本存在授权问题漏洞,该漏洞源于批量用户移除端点缺少角色层次检查,可能导致经过身份验证的具有ManageUsers权限的Custom用户移除组织中的Admin账户。
CVSS Information
N/A
Vulnerability Type
N/A