Show filters
7 Total Results
Displaying 1-7 of 7
Sort by:
Attacker Value
Unknown

CVE-2023-49949

Disclosure Date: December 26, 2023 (last updated January 05, 2024)
Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-42955

Disclosure Date: November 07, 2022 (last updated February 24, 2025)
The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain cleartext cached credentials.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-42956

Disclosure Date: November 07, 2022 (last updated February 24, 2025)
The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain the cleartext master password.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-25269

Disclosure Date: March 23, 2022 (last updated February 23, 2025)
Passwork On-Premise Edition before 4.6.13 has multiple XSS issues.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-25268

Disclosure Date: March 23, 2022 (last updated February 23, 2025)
Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsystems.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-25267

Disclosure Date: March 23, 2022 (last updated February 23, 2025)
Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal (to upload files).
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-25266

Disclosure Date: March 23, 2022 (last updated February 23, 2025)
Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal (to read files).
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0