CVE-2023-38840
Description
Bitwarden Desktop 2023.7.0 and below allows an attacker with local access to obtain sensitive information via the Bitwarden.exe process.
NVD
Severity: MEDIUM
CVE ID: CVE-2023-38840
CVSS Score: 5.5
CVSS Metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Proof Of Concept
markuta
A proof-of-concept for (CVE-2023-38840) that extracts plaintext master passwords from a locked Bitwarden vault.
Refrence: GitHub