Skip to content

feat(emergency-access): [PM-29585] Prevent New EA Invitations or Acceptance #6940

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
Patrick-Pimentel-Bitwarden wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

feat(emergency-access): [PM-29585] Prevent New EA Invitations or Acceptance #6940

Patrick-Pimentel-Bitwarden wants to merge 2 commits into from
+658 −37

Conversation

@Patrick-Pimentel-Bitwarden
Copy link
Contributor

@Patrick-Pimentel-Bitwarden Patrick-Pimentel-Bitwarden commented Feb 3, 2026

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-29585

📔 Objective

📸 Screenshots

⏰ Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Protected functional changes with optionality (feature flags)
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

@github-actions
Copy link
Contributor

github-actions bot commented Feb 3, 2026
edited
Loading

Logo
Checkmarx One – Scan Summary & Details430a4939-1b7c-479f-a43f-79bced562152

New Issues (2)

Checkmarx found the following issues in this Pull Request

# Severity Issue Source File / Package Checkmarx Insight
1 MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 291
detailsMethod at line 291 of /src/Api/Auth/Controllers/AccountsController.cs gets a parameter from a user request from model. This parameter value flow...
Attack Vector
2 MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 452
detailsMethod at line 452 of /src/Api/Auth/Controllers/AccountsController.cs gets a parameter from a user request from model. This parameter value flow...
Attack Vector
Fixed Issues (29)

Great job! The following issues were fixed in this Pull Request

Severity Issue Source File / Package
MEDIUM CSRF /src/Api/Tools/Controllers/SendsController.cs: 68
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1428
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1428
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1428
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1403
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1527
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1457
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1311
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 847
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 847
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1457
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 775
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 807
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 807
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 775
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1403
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 293
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1088
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1508
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 245
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 161
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 191
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 216
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1457
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1017
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 732
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1050
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1160
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 293

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Patrick-Pimentel-Bitwarden