CVE-2023-27974
Description
** DISPUTED ** Bitwarden through 2023.2.1 offers password auto-fill when the second-level domain matches, e.g., a password stored for an example.com hosting provider when customer-website.example.com is visited. NOTE: the vendor's position is that "Auto-fill on page load" is not enabled by default.
References
Third Party Advisory
ExploitThird Party Advisory
Release Notes
CvssV3 impact
Could not find any metrics
CvssV2 impact
Could not find any metrics