CVE Vulnerabilities for Bitwarden Server
| CVE | Published | Severity | Details | Exploitability | Impact | Vector |
|---|---|---|---|---|---|---|
| CVE‑2020‑15879 | 2020‑07‑21 17:15:12 | HIGH (8) | Bitwarden Server 1.35.1 allows SSRF because it does not consider certain IPv6 addresses (ones beginning with fc, fd, fe, or ff, and the :: address) and certain IPv4 addresses (0.0.0.0/8, 127.0.0.0/8, and 169.254.0.0/16). | 4 | 4 | NETWORK |
| CVE‑2019‑19766 | 2019‑12‑12 19:15:21 | HIGH (8) | The Bitwarden server through 1.32.0 has a potentially unwanted KDF. | 4 | 4 | NETWORK |
View OS-specific patching for:
Windows Mac Linux
Logos, products, trade names, and company names are all the property of their respective trademark holders.
The above listing includes products that Lavawall® monitors through public information and/or proprietary statistical analysis.
Although we do have a partner relationship with some of the listed products and companies, they do not necessarily endorse Lavawall® or have integrations with our systems.