{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46755?format=json","vulnerability_id":"VCID-k7g1-qb5k-s3ad","summary":"An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A vulnerability has been identified in the authentication and authorization process of the endpoint responsible for altering the metadata of an emergency access. It permits an attacker with granted emergency access to escalate their privileges by changing the access level and modifying the wait time. Consequently, the attacker can gain full control over the vault (when only intended to have read access) while bypassing the necessary wait period.","aliases":[{"alias":"CVE-2024-39924"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/141719?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=aarch64&distroversion=v3.24&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=aarch64&distroversion=v3.24&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/141720?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=armhf&distroversion=v3.24&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=armhf&distroversion=v3.24&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/141721?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=armv7&distroversion=v3.24&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=armv7&distroversion=v3.24&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/141722?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=loongarch64&distroversion=v3.24&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=loongarch64&distroversion=v3.24&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/141723?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=ppc64le&distroversion=v3.24&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=ppc64le&distroversion=v3.24&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/141724?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=riscv64&distroversion=v3.24&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=riscv64&distroversion=v3.24&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/141725?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=s390x&distroversion=v3.24&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=s390x&distroversion=v3.24&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/141726?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=x86&distroversion=v3.24&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=x86&distroversion=v3.24&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/141727?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=x86_64&distroversion=v3.24&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=x86_64&distroversion=v3.24&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/225129?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=aarch64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=aarch64&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/225130?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=armhf&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=armhf&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/225131?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=armv7&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=armv7&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/225132?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=loongarch64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=loongarch64&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/225133?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=ppc64le&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=ppc64le&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/225134?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=riscv64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=riscv64&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/225135?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=s390x&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=s390x&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/225136?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=x86&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=x86&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/225137?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=x86_64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=x86_64&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/257725?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=aarch64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=aarch64&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/257726?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=armhf&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=armhf&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/257727?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=armv7&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=armv7&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/257728?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=loongarch64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=loongarch64&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/257729?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=ppc64le&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=ppc64le&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/257730?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=riscv64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=riscv64&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/257731?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=s390x&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=s390x&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/257732?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=x86&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=x86&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/257733?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=x86_64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=x86_64&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/257934?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0?arch=aarch64&distroversion=v3.20&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0%3Farch=aarch64&distroversion=v3.20&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/257935?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0?arch=armhf&distroversion=v3.20&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0%3Farch=armhf&distroversion=v3.20&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/257936?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0?arch=armv7&distroversion=v3.20&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0%3Farch=armv7&distroversion=v3.20&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/257937?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0?arch=ppc64le&distroversion=v3.20&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0%3Farch=ppc64le&distroversion=v3.20&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/257938?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0?arch=riscv64&distroversion=v3.20&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0%3Farch=riscv64&distroversion=v3.20&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/257939?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0?arch=s390x&distroversion=v3.20&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0%3Farch=s390x&distroversion=v3.20&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/257940?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0?arch=x86&distroversion=v3.20&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0%3Farch=x86&distroversion=v3.20&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/257941?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0?arch=x86_64&distroversion=v3.20&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0%3Farch=x86_64&distroversion=v3.20&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/266227?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=aarch64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=aarch64&distroversion=v3.22&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/266228?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=armhf&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=armhf&distroversion=v3.22&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/266229?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=armv7&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=armv7&distroversion=v3.22&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/266230?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=loongarch64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/266231?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=ppc64le&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=ppc64le&distroversion=v3.22&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/266232?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=riscv64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=riscv64&distroversion=v3.22&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/266233?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=s390x&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=s390x&distroversion=v3.22&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/266234?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=x86&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=x86&distroversion=v3.22&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/266235?format=json","purl":"pkg:apk/alpine/vaultwarden@1.32.0-r0?arch=x86_64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vaultwarden@1.32.0-r0%3Farch=x86_64&distroversion=v3.22&reponame=community"}],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39924","reference_id":"","reference_type":"","scores":[{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.4852","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48676","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48657","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39924"},{"reference_url":"https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.0","reference_id":"1.32.0","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T19:11:59Z/"}],"url":"https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.0"},{"reference_url":"https://github.com/dani-garcia/vaultwarden/blob/1.30.3/src/api/core/emergency_access.rs#L115-L148","reference_id":"emergency_access.rs#L115-L148","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T19:11:59Z/"}],"url":"https://github.com/dani-garcia/vaultwarden/blob/1.30.3/src/api/core/emergency_access.rs#L115-L148"},{"reference_url":"https://www.mgm-sp.com/cve/missing-authentication-check-for-emergency-access","reference_id":"missing-authentication-check-for-emergency-access","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T19:11:59Z/"}],"url":"https://www.mgm-sp.com/cve/missing-authentication-check-for-emergency-access"}],"weaknesses":[],"exploits":[],"severity_range_score":"8.8 - 8.8","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k7g1-qb5k-s3ad"}