| Title | Buttercup Password Manager Buttercup Browser Extension <=v0.14.2 Improper Access Control – Sensitive Data Exposure (CWE-284 / CWE |
|---|---|
| Description | The Buttercup Browser Extension through 0.14.2 allows any visited web page to craft hidden form elements and send synthetic mouse events that force the extension to search its vault and autofill credentials. An attacker who controls page JavaScript can capture the plaintext password, leading to high confidentiality impact. Fixed in v1.0.1. PoC here: https://github.com/buttercup/buttercup-browser-extension/issues/92#issuecomment-372991430 |
| Source | https://github.com/buttercup/buttercup-browser-extension/issues/92 |
| User | lukechilds (UID 88472) |
| Submission | 2025-08-04 01:48 PM (8 months ago) |
| Moderation | 2025-08-13 06:23 PM (9 days later) |
| Status | Accepted |
| VulDB entry | 319969 [Buttercup buttercup-browser-extension up to 0.14.2 Vault privilege escalation] |
| Points | 20 |