Vulnerability Details CVE-2023-24055
KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against an attacker who has that level of access to the local PC.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.352
EPSS Ranking 96.8%
CVSS Severity
CVSS v3 Score 5.5
References
- https://securityboulevard.com/2023/01/keepass-password-manager-leak-cve-richixbw/
- https://sourceforge.net/p/keepass/discussion/329220/thread/a146e5cf6b/
- https://sourceforge.net/p/keepass/feature-requests/2773/
- https://securityboulevard.com/2023/01/keepass-password-manager-leak-cve-richixbw/
- https://sourceforge.net/p/keepass/discussion/329220/thread/a146e5cf6b/
- https://sourceforge.net/p/keepass/feature-requests/2773/
Products affected by CVE-2023-24055
-
cpe:2.3:a:keepass:keepass:0.8
-
cpe:2.3:a:keepass:keepass:0.81
-
cpe:2.3:a:keepass:keepass:0.82
-
cpe:2.3:a:keepass:keepass:0.83
-
cpe:2.3:a:keepass:keepass:0.84
-
cpe:2.3:a:keepass:keepass:0.85
-
cpe:2.3:a:keepass:keepass:0.86
-
cpe:2.3:a:keepass:keepass:0.87
-
cpe:2.3:a:keepass:keepass:0.88
-
cpe:2.3:a:keepass:keepass:0.89
-
cpe:2.3:a:keepass:keepass:0.90
-
cpe:2.3:a:keepass:keepass:0.91
-
cpe:2.3:a:keepass:keepass:0.92
-
cpe:2.3:a:keepass:keepass:0.93
-
cpe:2.3:a:keepass:keepass:0.94
-
cpe:2.3:a:keepass:keepass:0.95
-
cpe:2.3:a:keepass:keepass:0.96
-
cpe:2.3:a:keepass:keepass:0.97
-
cpe:2.3:a:keepass:keepass:0.98
-
cpe:2.3:a:keepass:keepass:0.99
-
cpe:2.3:a:keepass:keepass:1.00
-
cpe:2.3:a:keepass:keepass:1.01
-
cpe:2.3:a:keepass:keepass:1.02
-
cpe:2.3:a:keepass:keepass:1.03
-
cpe:2.3:a:keepass:keepass:1.04
-
cpe:2.3:a:keepass:keepass:1.05
-
cpe:2.3:a:keepass:keepass:1.06
-
cpe:2.3:a:keepass:keepass:1.07
-
cpe:2.3:a:keepass:keepass:1.08
-
cpe:2.3:a:keepass:keepass:1.09
-
cpe:2.3:a:keepass:keepass:1.10
-
cpe:2.3:a:keepass:keepass:1.11
-
cpe:2.3:a:keepass:keepass:1.12
-
cpe:2.3:a:keepass:keepass:1.13
-
cpe:2.3:a:keepass:keepass:1.14
-
cpe:2.3:a:keepass:keepass:1.15
-
cpe:2.3:a:keepass:keepass:1.16
-
cpe:2.3:a:keepass:keepass:1.17
-
cpe:2.3:a:keepass:keepass:1.18
-
cpe:2.3:a:keepass:keepass:1.19
-
cpe:2.3:a:keepass:keepass:1.20
-
cpe:2.3:a:keepass:keepass:1.21
-
cpe:2.3:a:keepass:keepass:1.22
-
cpe:2.3:a:keepass:keepass:1.23
-
cpe:2.3:a:keepass:keepass:1.24
-
cpe:2.3:a:keepass:keepass:1.25
-
cpe:2.3:a:keepass:keepass:1.26
-
cpe:2.3:a:keepass:keepass:1.27
-
cpe:2.3:a:keepass:keepass:1.28
-
cpe:2.3:a:keepass:keepass:1.29
-
cpe:2.3:a:keepass:keepass:1.30
-
cpe:2.3:a:keepass:keepass:1.31
-
cpe:2.3:a:keepass:keepass:1.32
-
cpe:2.3:a:keepass:keepass:1.33
-
cpe:2.3:a:keepass:keepass:1.34
-
cpe:2.3:a:keepass:keepass:1.35
-
cpe:2.3:a:keepass:keepass:1.36
-
cpe:2.3:a:keepass:keepass:1.37
-
cpe:2.3:a:keepass:keepass:1.38
-
cpe:2.3:a:keepass:keepass:1.39
-
cpe:2.3:a:keepass:keepass:1.40
-
cpe:2.3:a:keepass:keepass:1.40.1
-
cpe:2.3:a:keepass:keepass:1.41
-
cpe:2.3:a:keepass:keepass:2.00
-
cpe:2.3:a:keepass:keepass:2.01
-
cpe:2.3:a:keepass:keepass:2.02
-
cpe:2.3:a:keepass:keepass:2.03
-
cpe:2.3:a:keepass:keepass:2.04
-
cpe:2.3:a:keepass:keepass:2.05
-
cpe:2.3:a:keepass:keepass:2.06
-
cpe:2.3:a:keepass:keepass:2.07
-
cpe:2.3:a:keepass:keepass:2.08
-
cpe:2.3:a:keepass:keepass:2.09
-
cpe:2.3:a:keepass:keepass:2.10
-
cpe:2.3:a:keepass:keepass:2.11
-
cpe:2.3:a:keepass:keepass:2.12
-
cpe:2.3:a:keepass:keepass:2.13
-
cpe:2.3:a:keepass:keepass:2.14
-
cpe:2.3:a:keepass:keepass:2.15
-
cpe:2.3:a:keepass:keepass:2.16
-
cpe:2.3:a:keepass:keepass:2.17
-
cpe:2.3:a:keepass:keepass:2.18
-
cpe:2.3:a:keepass:keepass:2.19
-
cpe:2.3:a:keepass:keepass:2.20
-
cpe:2.3:a:keepass:keepass:2.20.1
-
cpe:2.3:a:keepass:keepass:2.21
-
cpe:2.3:a:keepass:keepass:2.22
-
cpe:2.3:a:keepass:keepass:2.23
-
cpe:2.3:a:keepass:keepass:2.24
-
cpe:2.3:a:keepass:keepass:2.25
-
cpe:2.3:a:keepass:keepass:2.26
-
cpe:2.3:a:keepass:keepass:2.27
-
cpe:2.3:a:keepass:keepass:2.28
-
cpe:2.3:a:keepass:keepass:2.29
-
cpe:2.3:a:keepass:keepass:2.30
-
cpe:2.3:a:keepass:keepass:2.31
-
cpe:2.3:a:keepass:keepass:2.32
-
cpe:2.3:a:keepass:keepass:2.33
-
cpe:2.3:a:keepass:keepass:2.34
-
cpe:2.3:a:keepass:keepass:2.35
-
cpe:2.3:a:keepass:keepass:2.36
-
cpe:2.3:a:keepass:keepass:2.37
-
cpe:2.3:a:keepass:keepass:2.38
-
cpe:2.3:a:keepass:keepass:2.39
-
cpe:2.3:a:keepass:keepass:2.4.1
-
cpe:2.3:a:keepass:keepass:2.40
-
cpe:2.3:a:keepass:keepass:2.41
-
cpe:2.3:a:keepass:keepass:2.42
-
cpe:2.3:a:keepass:keepass:2.42.1
-
cpe:2.3:a:keepass:keepass:2.43
-
cpe:2.3:a:keepass:keepass:2.44
-
cpe:2.3:a:keepass:keepass:2.45
-
cpe:2.3:a:keepass:keepass:2.46
-
cpe:2.3:a:keepass:keepass:2.47
-
cpe:2.3:a:keepass:keepass:2.48
-
cpe:2.3:a:keepass:keepass:2.48.1
-
cpe:2.3:a:keepass:keepass:2.49
-
cpe:2.3:a:keepass:keepass:2.50
-
cpe:2.3:a:keepass:keepass:2.51
-
cpe:2.3:a:keepass:keepass:2.51.1
-
cpe:2.3:a:keepass:keepass:2.52
-
cpe:2.3:a:keepass:keepass:2.53