CSV Injection Vulnerability in KeePass by Dominik Reichl
CVE-2019-20184

7.8 HIGH

Key Information:

Vendor

Keepass

Status
Vendor
CVE Published:
9 January 2020

What is CVE-2019-20184?

The KeePass password manager version 2.4.1 contains a vulnerability that allows attackers to exploit the title field during CSV exports. This flaw can lead to CSV injection, enabling malicious content to be injected into exported files. Such vulnerabilities may facilitate data manipulation attacks and compromise the integrity of exported credentials, posing risks to user data privacy and security. Users of this version should be aware of these risks and consider updating their software to mitigate potential threats.
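One way to guard an export path against the CSV injection described above, and to audit a file that has already been exported. This is an added example, not KeePass code: the column layout, sample entries and function names are constructed for illustration, and the single-quote prefix is the general mitigation from OWASP's CSV injection guidance.

```python
import csv
import io

# Leading characters a spreadsheet may treat as the start of a formula
# (the set named in OWASP's CSV injection guidance).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

# Constructed column layout for this example, not KeePass's export format.
COLUMNS = ["Title", "Username", "Password", "URL", "Notes"]

# Constructed sample entries; "=1+1" stands in for attacker-supplied content.
SAMPLE_ENTRIES = [
    {"Title": "Mail", "Username": "alice", "Password": "-x9!kQ", "URL": "https://mail.example"},
    {"Title": "=1+1", "Username": "bob", "Password": "hunter2", "Notes": "shared entry"},
]


def is_formula_cell(value):
    """True if a spreadsheet could evaluate this cell instead of displaying it."""
    return value.lstrip(" ")[:1] in FORMULA_TRIGGERS


def neutralize(value):
    """Prefix a risky cell with a single quote so it is shown as text."""
    return "'" + value if is_formula_cell(value) else value


def export_entries(entries, sanitize=True):
    """Write entries as fully quoted CSV, neutralizing cells unless sanitize=False."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(COLUMNS)
    for entry in entries:
        row = [entry.get(col, "") for col in COLUMNS]
        writer.writerow([neutralize(c) for c in row] if sanitize else row)
    return buf.getvalue()


def audit_csv(text):
    """Return (line_number, column, value) for each cell that could be evaluated."""
    reader = csv.DictReader(io.StringIO(text))
    return [(reader.line_num, col, val)
            for row in reader
            for col, val in row.items()
            if isinstance(val, str) and is_formula_cell(val)]


if __name__ == "__main__":
    print(audit_csv(export_entries(SAMPLE_ENTRIES, sanitize=False)))
    print(export_entries(SAMPLE_ENTRIES))
```

Neutralizing changes the stored value (the sample password `-x9!kQ` is written as `'-x9!kQ`), so an export meant for re-import is better checked with `audit_csv` than rewritten.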

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
