Vulnerabilities > Bitwarden
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-15 | CVE-2023-38840 | Unspecified vulnerability in Bitwarden Bitwarden Desktop 2023.7.0 and below allows an attacker with local access to obtain sensitive information via the Bitwarden.exe process. | 5.5 |
| 2023-06-09 | CVE-2023-27706 | Cleartext Storage of Sensitive Information vulnerability in Bitwarden Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes. | 7.1 |
| 2023-03-09 | CVE-2018-25081 | Unspecified vulnerability in Bitwarden Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME element. | 7.5 |
| 2023-03-09 | CVE-2023-27974 | Unspecified vulnerability in Bitwarden Bitwarden through 2023.2.1 offers password auto-fill when the second-level domain matches, e.g., a password stored for an example.com hosting provider when customer-website.example.com is visited. | 7.5 |
| 2020-07-21 | CVE-2020-15879 | Server-Side Request Forgery (SSRF) vulnerability in Bitwarden Server 1.35.1 Bitwarden Server 1.35.1 allows SSRF because it does not consider certain IPv6 addresses (ones beginning with fc, fd, fe, or ff, and the :: address) and certain IPv4 addresses (0.0.0.0/8, 127.0.0.0/8, and 169.254.0.0/16). | 7.5 |
| 2019-12-12 | CVE-2019-19766 | Use of Password Hash With Insufficient Computational Effort vulnerability in Bitwarden Server The Bitwarden server through 1.32.0 has a potentially unwanted KDF. | 7.5 |