KeePass Password Manager vulnerability: what you need to know

The Federal Cyber Emergency Team of Belgium, cert.be, released a warning regarding KeePass. According to the warning, attackers with write access to the KeePass configuration file may modify it with triggers to export the entire password database in cleartext without user confirmation.

Triggers automate workflows in KeePass 2.x. They are run automatically when all trigger conditions are fulfilled. Triggers may be used for a variety of tasks, including exporting the active database to a file or URL. The official help file has a section on Triggers in KeePass.

The vulnerability described requires write access to the KeePass configuration file. An attacker has to add a trigger to the file that executes when a password database file is opened and exports the data silently in the background. Passwords are saved in clear text to a file, and the attacker would need to obtain that file later on to gain access to all stored passwords.

Mitigation Option

KeePass disputes the vulnerability.

Read More: https://www.ghacks.net/2023/02/01/keepass-password-manager-vulnerability-what-you-need-to-know

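A defensive check for the scenario described above, as an added example that is not part of the original post or KeePass's own code: it lists every trigger defined in a KeePass 2.x configuration file so that unexpected ones can be reviewed. The element names (`Trigger`, `Name`, `Enabled`, `Action`, `TypeGuid`, `Parameter`) are assumptions about the configuration layout, and the sample XML is constructed with placeholder values.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real configuration. Element names follow the
# assumed KeePass 2.x layout; GUIDs and parameters are placeholders.
SAMPLE_CONFIG = """<Configuration>
  <Application>
    <TriggerSystem>
      <Triggers>
        <Trigger>
          <Guid>PLACEHOLDER-TRIGGER-GUID</Guid>
          <Name>sync helper</Name>
          <Enabled>true</Enabled>
          <Actions>
            <Action>
              <TypeGuid>PLACEHOLDER-ACTION-GUID</TypeGuid>
              <Parameters>
                <Parameter>C:\\path\\to\\export-placeholder.xml</Parameter>
                <Parameter>FORMAT-PLACEHOLDER</Parameter>
              </Parameters>
            </Action>
          </Actions>
        </Trigger>
      </Triggers>
    </TriggerSystem>
  </Application>
</Configuration>"""


def audit_triggers(xml_text):
    """Return one dict per <Trigger> element found anywhere in the config."""
    root = ET.fromstring(xml_text)
    findings = []
    for trig in root.iter("Trigger"):
        # Conservative assumption: a trigger with no <Enabled> element is active.
        enabled = (trig.findtext("Enabled") or "true").strip().lower() != "false"
        actions = [
            {"type": act.findtext("TypeGuid", ""),
             "params": [p.text or "" for p in act.iter("Parameter")]}
            for act in trig.iter("Action")
        ]
        findings.append({"name": trig.findtext("Name", "(unnamed)"),
                         "enabled": enabled, "actions": actions})
    return findings


if __name__ == "__main__":
    for finding in audit_triggers(SAMPLE_CONFIG):
        print(finding)
```

Any trigger the user did not create, particularly one whose action parameters name a file path or URL, is worth investigating before the database is opened again.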