CVE-2024-55225

Name of the Vulnerable Software and Affected Versions Vaultwarden versions prior to 1.32.5

Description An issue in the component src/api/identity.rs of Vaultwarden allows attackers to impersonate users, including Administrators, via a crafted authorization request. This issue enables attackers to manipulate authorization requests to gain unauthorized access.

Recommendations For versions prior to 1.32.5, update to version 1.32.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the src/api/identity.rs component until a patch is applied. Avoid using crafted authorization requests in the affected API endpoint until the issue is resolved.