Vulnerabilities > Passwork

DATE CVE VULNERABILITY TITLE RISK
2023-12-26 CVE-2023-49949 Incorrect Authorization vulnerability in Passwork 4.6.13/5.0.9
Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes.
network
low complexity
passwork CWE-863
8.1
8.1
2022-11-07 CVE-2022-42955 Cleartext Storage of Sensitive Information vulnerability in Passwork 5.0.9
The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain cleartext cached credentials.
network
low complexity
passwork CWE-312
7.5
7.5
2022-11-07 CVE-2022-42956 Cleartext Storage of Sensitive Information vulnerability in Passwork 5.0.9
The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain the cleartext master password.
network
low complexity
passwork CWE-312
7.5
7.5
2022-03-23 CVE-2022-25266 Path Traversal vulnerability in Passwork
Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal (to read files).
network
low complexity
passwork CWE-22
4.3
4.3
2022-03-23 CVE-2022-25267 Path Traversal vulnerability in Passwork
Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal (to upload files).
network
low complexity
passwork CWE-22
8.8
8.8
2022-03-23 CVE-2022-25268 Cross-Site Request Forgery (CSRF) vulnerability in Passwork
Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsystems.
network
low complexity
passwork CWE-352
8.8
8.8
2022-03-23 CVE-2022-25269 Cross-site Scripting vulnerability in Passwork
Passwork On-Premise Edition before 4.6.13 has multiple XSS issues.
network
low complexity
passwork CWE-79
6.1
6.1