Bug 2336818 (CVE-2024-55225)

Summary: CVE-2024-55225 vaultwarden: Vaultwarden: Authentication bypass allows user impersonation via crafted authorization request
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in Vaultwarden in the component src/api/identity.rs. This vulnerability allows attackers to impersonate users, including Administrators, via a crafted authorization request.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2336829, 2336830, 2336831    
Bug Blocks:    

Description OSIDB Bzimport 2025-01-09 22:01:10 UTC 
An issue in the component src/api/identity.rs of Vaultwarden prior to v1.32.5 allows attackers to impersonate users, including Administrators, via a crafted authorization request.