Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/46755?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46755?format=api", "vulnerability_id": "VCID-k7g1-qb5k-s3ad", "summary": "An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A vulnerability has been identified in the authentication and authorization process of the endpoint responsible for altering the metadata of an emergency access. It permits an attacker with granted emergency access to escalate their privileges by changing the access level and modifying the wait time. Consequently, the attacker can gain full control over the vault (when only intended to have read access) while bypassing the necessary wait period.", "aliases": [ { "alias": "CVE-2024-39924" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/141719?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=aarch64&distroversion=v3.24&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=aarch64&distroversion=v3.24&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/141720?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=armhf&distroversion=v3.24&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=armhf&distroversion=v3.24&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/141721?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=armv7&distroversion=v3.24&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=armv7&distroversion=v3.24&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/141722?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=loongarch64&distroversion=v3.24&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=loongarch64&distroversion=v3.24&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/141723?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=ppc64le&distroversion=v3.24&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=ppc64le&distroversion=v3.24&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/141724?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=riscv64&distroversion=v3.24&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=riscv64&distroversion=v3.24&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/141725?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=s390x&distroversion=v3.24&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=s390x&distroversion=v3.24&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/141726?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=x86&distroversion=v3.24&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=x86&distroversion=v3.24&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/141727?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=x86_64&distroversion=v3.24&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=x86_64&distroversion=v3.24&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/225129?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=aarch64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=aarch64&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/225130?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=armhf&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=armhf&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/225131?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=armv7&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=armv7&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/225132?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=loongarch64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=loongarch64&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/225133?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=ppc64le&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=ppc64le&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/225134?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=riscv64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/225135?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=s390x&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=s390x&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/225136?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=x86&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=x86&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/225137?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=x86_64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=x86_64&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/257725?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=aarch64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=aarch64&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/257726?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=armhf&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=armhf&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/257727?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=armv7&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=armv7&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/257728?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=loongarch64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=loongarch64&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/257729?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=ppc64le&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=ppc64le&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/257730?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=riscv64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=riscv64&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/257731?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=s390x&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=s390x&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/257732?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=x86&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=x86&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/257733?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=x86_64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=x86_64&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/257934?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0?arch=aarch64&distroversion=v3.20&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0%3Farch=aarch64&distroversion=v3.20&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/257935?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0?arch=armhf&distroversion=v3.20&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0%3Farch=armhf&distroversion=v3.20&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/257936?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0?arch=armv7&distroversion=v3.20&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0%3Farch=armv7&distroversion=v3.20&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/257937?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0?arch=ppc64le&distroversion=v3.20&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0%3Farch=ppc64le&distroversion=v3.20&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/257938?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0?arch=riscv64&distroversion=v3.20&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0%3Farch=riscv64&distroversion=v3.20&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/257939?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0?arch=s390x&distroversion=v3.20&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0%3Farch=s390x&distroversion=v3.20&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/257940?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0?arch=x86&distroversion=v3.20&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0%3Farch=x86&distroversion=v3.20&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/257941?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0?arch=x86_64&distroversion=v3.20&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0%3Farch=x86_64&distroversion=v3.20&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/266227?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=aarch64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=aarch64&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/266228?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=armhf&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=armhf&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/266229?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=armv7&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=armv7&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/266230?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=loongarch64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/266231?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=ppc64le&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=ppc64le&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/266232?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=riscv64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=riscv64&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/266233?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=s390x&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=s390x&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/266234?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=x86&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=x86&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/266235?format=api", "purl": "pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=x86_64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=x86_64&distroversion=v3.22&reponame=community" } ], "affected_packages": [], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39924", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.4852", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48662", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48676", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48657", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39924" }, { "reference_url": "https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.0", "reference_id": "1.32.0", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T19:11:59Z/" } ], "url": "https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.0" }, { "reference_url": "https://github.com/dani-garcia/vaultwarden/blob/1.30.3/src/api/core/emergency_access.rs#L115-L148", "reference_id": "emergency_access.rs#L115-L148", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T19:11:59Z/" } ], "url": "https://github.com/dani-garcia/vaultwarden/blob/1.30.3/src/api/core/emergency_access.rs#L115-L148" }, { "reference_url": "https://www.mgm-sp.com/cve/missing-authentication-check-for-emergency-access", "reference_id": "missing-authentication-check-for-emergency-access", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T19:11:59Z/" } ], "url": "https://www.mgm-sp.com/cve/missing-authentication-check-for-emergency-access" } ], "weaknesses": [], "exploits": [], "severity_range_score": "8.8 - 8.8", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k7g1-qb5k-s3ad" }