Hello people,
I didn’t find it in a hurry, but does anyone from the Bitwarden team have an eye on this?
Hunting for Nginx Alias Traversals in the wild - Leaking Bitwarden’s vault, logs, and certificates.
It would appear so. Here’s the relevant information from the article that you posted:
This vulnerability has been disclosed to Bitwarden and has since then been fixed.
Also interesting:
Bitwarden issued a US$6000 bounty, which is the highest bounty they issued on their HackerOne program.
Thank you for your reply.
I had indeed read over that.