{"id":"CVE-2024-39846","details":"NewPass before 1.2.0 stores passwords (rather than password hashes) directly, which makes it easier to obtain unauthorized access to sensitive information. NOTE: in each case, data at rest is encrypted, but is decrypted within process memory during use.","modified":"2026-05-18T11:54:35.877483314Z","published":"2024-06-29T00:00:00Z","database_specific":{"cna_assigner":"mitre","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/39xxx/CVE-2024-39846.json"},"references":[{"type":"WEB","url":"https://github.com/6eero/NewPass/releases/tag/v1.2.0"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/39xxx/CVE-2024-39846.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39846"},{"type":"FIX","url":"https://github.com/6eero/NewPass/commit/13f0a844d64927450fa751deb7cc06beba699720"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/6eero/newpass","events":[{"introduced":"0"},{"fixed":"4f2f168687d8086b189566499d11d2ffa3e4a1a8"}]}],"versions":["v1.1.10","v1.1.9","v1.1.7","v1.1.6","v1.1.4","v1.1.3","v1.1.2","v1.1.1","v1.1.0","v1.0.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-39846.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}