CNNVD-202601-2387 Information
CNNVD ID
CNNVD-202601-2387
Related CVE
- CNNVD Published: 2026-01-14
Description (Chinese)
AliasVault是AliasVault开源的一个密码管理器。 AliasVault 0.25.2及之前版本存在访问控制错误漏洞,该漏洞源于Android凭证提供程序中调用应用身份、来源和RP ID验证不完整,可能导致恶意应用在特定本地条件下尝试获取未授权站点的通行密钥响应。
Description (English)
AliasVault is a password manager for AliasVault open source. AliasVault 0.25.2 and previous versions have access control error holes, which stem from the incomplete use of application identification, source and RP ID in the Android voucher delivery process, which may lead to malicious applications trying to obtain a pass key response from unauthorized sites under specific local conditions.
Hazard Level
High
Vulnerability Type
访问控制错误
Affected Vendor
AliasVault
Published
2026-01-14
Last Modified
2026-02-24
References
https://github.com/aliasvault/aliasvault/security/advisories/GHSA-mvg4-wvjv-332q https://github.com/aliasvault/aliasvault/commit/b3350473103d6138ab2b63ca130c211717eac67d https://github.com/aliasvault/aliasvault/releases/tag/0.25.3 https://github.com/aliasvault/aliasvault/pull/1441 https://github.com/aliasvault/aliasvault/issues/1440 https://access.redhat.com/security/cve/cve-2026-22694
Patch
https://github.com/aliasvault/aliasvault/releases
Share on: