PT-2023-28020 · Buttercup · Buttercup

Published

2023-09-07

Updated

2023-09-12

CVE-2023-41646

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Buttercup version 2.20.3

Description The issue allows attackers to obtain the hash of the master password for the password manager via accessing the file /vaults.json/. This affects the Buttercup app up to version 2.20.3.

Recommendations For version 2.20.3, consider restricting access to the /vaults.json/ file until a patch is available. As a temporary workaround, avoid using the Buttercup app with sensitive information until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-916

Related Identifiers

CVE-2023-41646

GHSA-7CWQ-P8CR-H9QG

Affected Products

Buttercup

PT-2023-28020 · Buttercup · Buttercup

CVE-2023-41646

Weakness Enumeration

Related Identifiers

Affected Products

References · 12