[PM-34543] Add receive owner email to share response

[Thomas-Avery]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-34543

📔 Objective

Adds receive owner email to share data response.

[github-actions]

Checkmarx One – Scan Summary & Details – c0b4cb25-a5ad-4712-bf5f-f61f143cba73

---

New Issues (139)

Checkmarx found the following issues in this Pull Request

#	Severity	Issue	Source File / Package	Checkmarx Insight
1		Stored_XSS	/src/SharedWeb/Health/HealthCheckServiceExtensions.cs: 61	details The method embeds untrusted data in generated output with WriteAsync, at line 60 of /src/SharedWeb/Health/HealthCheckServiceExtensions.cs. This ... Attack Vector
2		Stored_XSS	/util/Server/Startup.cs: 57	details The method embeds untrusted data in generated output with WriteAsync, at line 59 of /util/Server/Startup.cs. This untrusted data is embedded int... Attack Vector
3		CVE-2022-37620	Npm-html-minifier-4.0.0	details Description: A Regular Expression Denial of Service (ReDoS) flaw was found in html-minifier versions 2.1.0 through 4.0.0 via the "candidate" variable in "htmlmi... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
4		CVE-2025-64756	Npm-glob-10.4.5	details Recommended version: 10.5.0 Description: Glob matches files using patterns the shell uses. In versions 10.2.0 prior to 10.5.0 and 11.0.0 prior to 11.1.0, the glob CLI contains a command in... Attack Vector: NETWORK Attack Complexity: HIGH Vulnerable Package
5		CVE-2026-26996	Npm-minimatch-9.0.5	details Recommended version: 9.0.7 Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions prior to 3.1.3, 4.0.0 prior to 4.2... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
6		CVE-2026-26996	Npm-minimatch-3.1.2	details Recommended version: 3.1.4 Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions prior to 3.1.3, 4.0.0 prior to 4.2... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
7		CVE-2026-26996	Npm-minimatch-9.0.1	details Recommended version: 9.0.7 Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions prior to 3.1.3, 4.0.0 prior to 4.2... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
8		CVE-2026-27903	Npm-minimatch-9.0.1	details Recommended version: 9.0.7 Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. All versions starting from 3.0.0 and prior ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
9		CVE-2026-27903	Npm-minimatch-3.1.2	details Recommended version: 3.1.4 Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. All versions starting from 3.0.0 and prior ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
10		CVE-2026-27903	Npm-minimatch-9.0.5	details Recommended version: 9.0.7 Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. All versions starting from 3.0.0 and prior ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
11		CVE-2026-27904	Npm-minimatch-9.0.5	details Recommended version: 9.0.7 Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. All versions starting from 3.0.0 and prior ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
12		CVE-2026-27904	Npm-minimatch-3.1.2	details Recommended version: 3.1.4 Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. All versions starting from 3.0.0 and prior ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
13		CVE-2026-27904	Npm-minimatch-9.0.1	details Recommended version: 9.0.7 Description: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. All versions starting from 3.0.0 and prior ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
14		CVE-2026-29063	Npm-immutable-5.1.3	details Recommended version: 5.1.5 Description: Immutable.js provides many Persistent Immutable data structures. 3.x prior to versions 3.8.3, 4.x prior to versions 4.3.7, and 5.x prior to versio... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
15		CVE-2026-32933	Nuget-AutoMapper-12.0.1	details Recommended version: 15.1.1 Description: AutoMapper is vulnerable to a Denial-of-Service (DoS) attack. Versions prior to 15.1.1 and 16.x prior to 16.1.1, when mapping deeply nested object ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
16		CVE-2026-33671	Npm-picomatch-2.3.1	details Recommended version: 2.3.2 Description: `picomatch` is vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
17		Cxf5fb15b0-6576	Npm-serialize-javascript-6.0.2	details Recommended version: 7.0.3 Description: serialize-javascript through 7.0.2 contains a code injection vulnerability due to improper escaping of "RegExp.flags" during serialization. Althoug... Attack Vector: NETWORK Attack Complexity: HIGH Vulnerable Package
18		CSRF	/src/Api/Tools/Controllers/ReceivesController.cs: 127	details Method at line 127 of /src/Api/Tools/Controllers/ReceivesController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
19		CSRF	/src/Api/Tools/Controllers/ReceivesController.cs: 182	details Method at line 182 of /src/Api/Tools/Controllers/ReceivesController.cs gets a parameter from a user request from request. This parameter value f... Attack Vector
20		CSRF	/src/Api/Tools/Controllers/ReceivesController.cs: 182	details Method at line 182 of /src/Api/Tools/Controllers/ReceivesController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
21		CSRF	/src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 145	details Method at line 145 of /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs gets a parameter from a user request from request. T... Attack Vector
22		CSRF	/src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 145	details Method at line 145 of /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs gets a parameter from a user request from request. T... Attack Vector
23		CSRF	/src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 97	details Method at line 97 of /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs gets a parameter from a user request from model. This... Attack Vector
24		CSRF	/src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 97	details Method at line 97 of /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs gets a parameter from a user request from model. This... Attack Vector
25		CSRF	/src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 229	details Method at line 229 of /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs gets a parameter from a user request from model. Thi... Attack Vector
26		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1592	details Method at line 1592 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
27		CSRF	/src/Api/Tools/Controllers/SendsController.cs: 73	details Method at line 73 of /src/Api/Tools/Controllers/SendsController.cs gets a parameter from a user request from id. This parameter value flows thro... Attack Vector
28		CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 307	details Method at line 307 of /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs gets a parameter from a user request from organizationUser... Attack Vector
29		CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 307	details Method at line 307 of /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs gets a parameter from a user request from model. This par... Attack Vector
30		CSRF	/src/Api/Auth/Controllers/AccountsController.cs: 217	details Method at line 217 of /src/Api/Auth/Controllers/AccountsController.cs gets a parameter from a user request from model. This parameter value flow... Attack Vector
31		CSRF	/src/Api/Public/Controllers/CollectionsController.cs: 91	details Method at line 91 of /src/Api/Public/Controllers/CollectionsController.cs gets a parameter from a user request from model. This parameter value ... Attack Vector
32		CSRF	/src/Api/Public/Controllers/CollectionsController.cs: 91	details Method at line 91 of /src/Api/Public/Controllers/CollectionsController.cs gets a parameter from a user request from model. This parameter value ... Attack Vector
33		CSRF	/src/Api/Public/Controllers/CollectionsController.cs: 91	details Method at line 91 of /src/Api/Public/Controllers/CollectionsController.cs gets a parameter from a user request from model. This parameter value ... Attack Vector
34		CSRF	/src/Api/Public/Controllers/CollectionsController.cs: 91	details Method at line 91 of /src/Api/Public/Controllers/CollectionsController.cs gets a parameter from a user request from model. This parameter value ... Attack Vector
35		CSRF	/src/Api/Controllers/CollectionsController.cs: 176	details Method at line 176 of /src/Api/Controllers/CollectionsController.cs gets a parameter from a user request from model. This parameter value flows ... Attack Vector
36		CSRF	/src/Api/Controllers/CollectionsController.cs: 176	details Method at line 176 of /src/Api/Controllers/CollectionsController.cs gets a parameter from a user request from model. This parameter value flows ... Attack Vector
37		CSRF	/src/Api/Controllers/CollectionsController.cs: 176	details Method at line 176 of /src/Api/Controllers/CollectionsController.cs gets a parameter from a user request from model. This parameter value flows ... Attack Vector
38		CSRF	/src/Api/Controllers/CollectionsController.cs: 176	details Method at line 176 of /src/Api/Controllers/CollectionsController.cs gets a parameter from a user request from model. This parameter value flows ... Attack Vector
39		CSRF	/src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 173	details Method at line 173 of /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs gets a parameter from a user request from model. Thi... Attack Vector
40		CSRF	/src/Api/Auth/Controllers/AccountsController.cs: 452	details Method at line 452 of /src/Api/Auth/Controllers/AccountsController.cs gets a parameter from a user request from model. This parameter value flow... Attack Vector
41		CSRF	/src/Api/Dirt/Controllers/OrganizationReportsController.cs: 189	details Method at line 189 of /src/Api/Dirt/Controllers/OrganizationReportsController.cs gets a parameter from a user request from request. This paramet... Attack Vector
42		CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 531	details Method at line 531 of /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs gets a parameter from a user request from model. This par... Attack Vector
43		CSRF	/src/Api/Billing/Controllers/VNext/AccountBillingVNextController.cs: 87	details Method at line 87 of /src/Api/Billing/Controllers/VNext/AccountBillingVNextController.cs gets a parameter from a user request from user. This pa... Attack Vector
44		CSRF	/src/Api/Billing/Controllers/VNext/OrganizationBillingVNextController.cs: 107	details Method at line 107 of /src/Api/Billing/Controllers/VNext/OrganizationBillingVNextController.cs gets a parameter from a user request from organiza... Attack Vector
45		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1451	details Method at line 1451 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
46		CSRF	/src/Api/Dirt/Controllers/OrganizationReportsController.cs: 286	details Method at line 286 of /src/Api/Dirt/Controllers/OrganizationReportsController.cs gets a parameter from a user request from request. This paramet... Attack Vector
47		CSRF	/src/Api/Dirt/Controllers/OrganizationReportsController.cs: 233	details Method at line 233 of /src/Api/Dirt/Controllers/OrganizationReportsController.cs gets a parameter from a user request from request. This paramet... Attack Vector
48		CSRF	/src/Api/Dirt/Controllers/OrganizationReportsController.cs: 189	details Method at line 189 of /src/Api/Dirt/Controllers/OrganizationReportsController.cs gets a parameter from a user request from request. This paramet... Attack Vector
49		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1451	details Method at line 1451 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
50		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1451	details Method at line 1451 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
51		CSRF	/src/Api/AdminConsole/Controllers/GroupsController.cs: 289	details Method at line 289 of /src/Api/AdminConsole/Controllers/GroupsController.cs gets a parameter from a user request from orgUserId. This parameter ... Attack Vector
52		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1419	details Method at line 1419 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
53		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1480	details Method at line 1480 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
54		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1184	details Method at line 1184 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
55		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1068	details Method at line 1068 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
56		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1317	details Method at line 1317 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from organizationId. This parameter ... Attack Vector
57		CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 399	details Method at line 399 of /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs gets a parameter from a user request from model. This par... Attack Vector
58		CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 390	details Method at line 390 of /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs gets a parameter from a user request from model. This par... Attack Vector
59		CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 390	details Method at line 390 of /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs gets a parameter from a user request from id. This parame... Attack Vector
60		CSRF	/src/Api/Billing/Controllers/VNext/OrganizationBillingVNextController.cs: 95	details Method at line 95 of /src/Api/Billing/Controllers/VNext/OrganizationBillingVNextController.cs gets a parameter from a user request from organizat... Attack Vector
61		CSRF	/src/Api/Billing/Controllers/VNext/ProviderBillingVNextController.cs: 82	details Method at line 82 of /src/Api/Billing/Controllers/VNext/ProviderBillingVNextController.cs gets a parameter from a user request from provider. Th... Attack Vector
62		CSRF	/src/Api/Billing/Controllers/VNext/AccountBillingVNextController.cs: 76	details Method at line 76 of /src/Api/Billing/Controllers/VNext/AccountBillingVNextController.cs gets a parameter from a user request from user. This pa... Attack Vector
63		CSRF	/src/Api/Billing/Controllers/VNext/OrganizationBillingVNextController.cs: 49	details Method at line 49 of /src/Api/Billing/Controllers/VNext/OrganizationBillingVNextController.cs gets a parameter from a user request from organizat... Attack Vector
64		CSRF	/src/Api/Billing/Controllers/VNext/ProviderBillingVNextController.cs: 40	details Method at line 40 of /src/Api/Billing/Controllers/VNext/ProviderBillingVNextController.cs gets a parameter from a user request from provider. Th... Attack Vector
65		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1262	details Method at line 1262 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from model. This parameter value flo... Attack Vector
66		CSRF	/src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 173	details Method at line 173 of /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs gets a parameter from a user request from model. Thi... Attack Vector
67		CSRF	/src/Api/Vault/Controllers/SecurityTaskController.cs: 66	details Method at line 66 of /src/Api/Vault/Controllers/SecurityTaskController.cs gets a parameter from a user request from taskId. This parameter value... Attack Vector
68		CSRF	/src/Api/Auth/Controllers/EmergencyAccessController.cs: 173	details Method at line 173 of /src/Api/Auth/Controllers/EmergencyAccessController.cs gets a parameter from a user request from model. This parameter val... Attack Vector
69		CSRF	/src/Api/Auth/Controllers/AccountsController.cs: 126	details Method at line 126 of /src/Api/Auth/Controllers/AccountsController.cs gets a parameter from a user request from model. This parameter value flow... Attack Vector
70		CSRF	/src/Api/Auth/Controllers/AccountsController.cs: 664	details Method at line 664 of /src/Api/Auth/Controllers/AccountsController.cs gets a parameter from a user request from model. This parameter value flow... Attack Vector
71		CSRF	/src/Api/Auth/Controllers/AccountsController.cs: 192	details Method at line 192 of /src/Api/Auth/Controllers/AccountsController.cs gets a parameter from a user request from model. This parameter value flow... Attack Vector
72		CSRF	/src/Api/Auth/Controllers/AccountsController.cs: 641	details Method at line 641 of /src/Api/Auth/Controllers/AccountsController.cs gets a parameter from a user request from model. This parameter value flow... Attack Vector
73		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 853	details Method at line 853 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from model. This parameter value flow... Attack Vector
74		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 853	details Method at line 853 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows t... Attack Vector
75		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 853	details Method at line 853 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows t... Attack Vector
76		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 853	details Method at line 853 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from model. This parameter value flow... Attack Vector
77		CSRF	/src/Api/NotificationCenter/Controllers/NotificationsController.cs: 61	details Method at line 61 of /src/Api/NotificationCenter/Controllers/NotificationsController.cs gets a parameter from a user request from id. This param... Attack Vector
78		CSRF	/src/Api/NotificationCenter/Controllers/NotificationsController.cs: 67	details Method at line 67 of /src/Api/NotificationCenter/Controllers/NotificationsController.cs gets a parameter from a user request from id. This param... Attack Vector
79		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1480	details Method at line 1480 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
80		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 781	details Method at line 781 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows t... Attack Vector
81		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 813	details Method at line 813 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows t... Attack Vector

More results are available on the CxOne platform

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[codecov]

Codecov Report

❌ Patch coverage is 85.71429% with 1 line in your changes missing coverage. Please review.
⚠️ Please upload report for BASE (PM-33889-Innovation-sprint-Bitwarden-Receive@c376255). Learn more about missing BASE report.

Files with missing lines	Patch %	Lines
src/Api/Tools/Controllers/ReceivesController.cs	75.00%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@                               Coverage Diff                               @@
##             PM-33889-Innovation-sprint-Bitwarden-Receive    #7377   +/-   ##
===============================================================================
  Coverage                                                ?   57.70%           
===============================================================================
  Files                                                   ?     2071           
  Lines                                                   ?    90660           
  Branches                                                ?     8029           
===============================================================================
  Hits                                                    ?    52318           
  Misses                                                  ?    36480           
  Partials                                                ?     1862           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.