There is a present BSI safety warning for KeePass. You can learn right here what threatens the IT safety of MacOS X, UNIX and Windows techniques, how excessive the chance degree is and what involved customers can do.
Federal workplace for Security in Information Technology (BSI) issued a safety discover for KeePass on May 20, 2024. The working techniques MacOS X, UNIX and Windows in addition to the open supply product KeePassXC are affected by the safety hole.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability will be discovered right here: KeePassXC Release 2.7.8 (From 20 May 2024). Some helpful assets are listed later on this article.
KeePass safety warning – threat: medium
Risk degree: 4 (average)
CVSS Base Score: 5.5
CVSS interim rating: 5.0
Remote assault: No
The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of safety vulnerabilities in laptop techniques. The CVSS normal makes it potential to check potential or precise safety dangers based mostly on numerous standards to create a precedence checklist for countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, person interplay) and its outcomes. For non permanent impact, body circumstances which will change over time are thought-about within the check. The severity of the vulnerability talked about right here is assessed as “average” in keeping with the CVSS with a base rating of 5.5.
KeePass Bug: Multiple vulnerabilities enable data disclosure
KeePass is an open supply password supervisor.
A neighborhood attacker can exploit a number of vulnerabilities in KeePass to reveal delicate data.
Vulnerabilities are numbered for every product utilizing the CVE (Common Vulnerabilities and Exposures) reference system. CVE-2024-33900 and CVE-2024-33901.
Systems affected by the KeePass safety vulnerability at a look
Operating techniques
MacOS X, UNIX, Windows
Products
KeePassXC is open supply
General steps for coping with IT vulnerabilities
- Users of affected techniques ought to keep up-to-date. When safety holes are identified, producers are required to repair them shortly by creating a patch or workaround. When new safety updates can be found, set up them instantly.
- For data, see the sources listed within the subsequent part. This usually incorporates extra details about the most recent model of the software program in query and the supply of safety patches or efficiency suggestions.
- If you’ve got any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to frequently test the desired sources to see if a brand new safety replace is accessible.
Manufacturer details about updates, patches and workarounds
Here you will see that some hyperlinks with details about bug reviews, safety fixes and workarounds.
KeePassXC Released 2.7.8 from 2024-05-20 (20.05.2024)
For extra data, see:
GitHub Advisory GHSA-g437-xqhv-c7mq vom 2024-05-20 (20.05.2024)
For extra data, see:
GitHub Advisory GHSA-c45j-7735-f4r2 vom 2024-05-20 (20.05.2024)
For extra data, see:
Version historical past of this safety alert
This is the primary model of this KeePass IT safety discover. If updates are introduced, this doc can be up to date. You can see the adjustments made utilizing the model historical past under.
May 20, 2024 – First model
+++ Editorial word: This doc relies on present BSI knowledge and can be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
observe News.de you might be right here Facebook, Twitter, Pinterest once more YouTube? Here you will see that sizzling information, present movies and a direct line to the editorial staff.
kns/roj/information.de