PT-2022-17374 · Click Studios · Passwordstate

Published 2022-03-21 · Updated 2022-06-15 · CVE-2022-25570

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Click Studios (SA) Pty Ltd Passwordstate version 9435

Description

The issue allows users with access to a password list to gain access to additional password lists without permissions. Specifically, an authenticated user who has write permissions to a password list in one folder, with the default permission model, can extend their permissions to all other password lists in the same folder.

Recommendations

For Click Studios (SA) Pty Ltd Passwordstate version 9435, consider restricting access to password lists and reviewing the default permission model to minimize the risk of exploitation. As a temporary workaround, consider disabling write permissions to password lists in sensitive folders until a patch is available.

Exploit

Fix

Incorrect Default Permissions

Weakness Enumeration

Related Identifiers

CVE-2022-25570

Affected Products

Passwordstate