Submit #628170: Buttercup Password Manager Buttercup Browser Extension <=v0.14.2 Improper Access Control – Sensitive Data Exposure (CWE-284 / CWE

Title: Buttercup Password Manager Buttercup Browser Extension <=v0.14.2 Improper Access Control – Sensitive Data Exposure (CWE-284 / CWE
Description: The Buttercup Browser Extension through 0.14.2 allows any visited web page to craft hidden form elements and send synthetic mouse events that force the extension to search its vault and autofill credentials. An attacker who controls page JavaScript can capture the plaintext password, leading to high confidentiality impact. Fixed in v1.0.1. PoC here: https://github.com/buttercup/buttercup-browser-extension/issues/92#issuecomment-372991430
Source: https://github.com/buttercup/buttercup-browser-extension/issues/92
User: lukechilds (UID 88472)
Submission: 2025-08-04 13:48 (9 months ago)
Moderation: 2025-08-13 18:23 (9 days later)
Status: Accepted
VulDB entry: 319969 [Buttercup buttercup-browser-extension up to 0.14.2 Vault privilege escalation]
Points: 20
