All incidents

Bug bounty results

<svg onload="confirm(document.domain)">'); ?></svg>
Product affected:Passbolt Web Extension & Microsoft Excel or similar
Version affected:v2.10 and below.
Version fixed:Won't fix
Affected component:CSV file export.
Vulnerability Type:OS Command Injection (CWE-78)
CVSS Score:5 (Medium)
=cmd|' /C notepad'!'A1'
  • 2019-07-30: Security researcher notifies passbolt team about the issues.
  • 2019-08-01: Security researcher notifies an additional issue.
  • 2019-08-01: Passbolt acknowledges the issue and start working on a fix.
  • 2019-08-05: Fixes are ready and included as part of v2.11 release UAT.
  • 2019-08-07: Passbolt publishes a fix.
Flag of European UnionMade in Europe. Privacy by default.