CVE-2023-41646

MEDIUM

Buttercup v2.20.3 - Info Disclosure

Title source: llm

Description

Buttercup v2.20.3 allows attackers to obtain the hash of the master password for the password manager via accessing the file /vaults.json/

Exploits (2)

nomisec WORKING POC
by tristao-io · poc
https://github.com/tristao-io/CVE-2023-41646
inthewild WORKING POC
poc
https://github.com/tristao-marinho/cve-2023-41646

References (2)

Scores

CVSS v3 5.3
EPSS 0.0006
EPSS Percentile 18.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-916
Status published
Products (2)
npm/buttercup 2.20.3 - 7.4.0npm
perrymitchell/buttercup 2.20.3
Published Sep 07, 2023
Tracked Since Feb 18, 2026