Releases7
Frequency1 day 6 hours
Last Release
Cross Platform Bitwarden library and CLI with sudolikeaboss.

CVE History

CVEAffectedPublishedCVSS v3CVSS v2
<= 2023.7.05.5 MEDIUM

Bitwarden Desktop 2023.7.0 and below allows an attacker with local access to obtain sensitive information via the Bitwarden.exe process.

= *, < 2023.4.07.1 HIGH

Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes.

<= 2023.2.17.5 HIGH

Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME element. NOTE: the vendor's position is that there have been important legitimate cross-domain configurations (e.g., an apple.com IFRAME element on the icloud.com website) and that "Auto-fill on page load" is not enabled by default.

<= 2023.2.17.5 HIGH

Bitwarden through 2023.2.1 offers password auto-fill when the second-level domain matches, e.g., a password stored for an example.com hosting provider when customer-website.example.com is visited. NOTE: the vendor's position is that "Auto-fill on page load" is not enabled by default.