MEDIUM🇬🇧 English

CVE-2022-32550

CVSS 4.8v3.1pub. 2022-06-15upd. 2024-11-21

An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service. In specific circumstances, this issue allowed a malicious server to convince a 1Password app or integration it is communicating with the 1Password service.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
  • 1password

    APP
    1Password
    7.0 – 7.9.3 (bez)7.0 – 7.9.5 (bez)7.0 – 7.9.6 (bez)7.0 – 7.9.829 (bez)8.0 – 8.7.1 (bez)8.0 – 8.8.0-94 (bez)8.0 – 8.8.0-104 (bez)
  • 1password In The Browser

    APP
    1Password
    < 2.3.4
  • 1password Command Line

    APP
    1Password
    2.0.0 – 2.3.0 (bez)
  • 1password Command Line Interface

    APP
    1Password
    1.0.0 – 1.12.5 (bez)
  • 1password Connect

    APP
    1Password
    < 1.5.3
  • 1password Scim Bridge

    APP
    1Password
    < 2.3.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2020-10256CRITICAL9.8ten sam produkt

An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta version...

CVE-2024-42219HIGH7.8ten sam produkt

1Password 8 before 8.10.36 for macOS allows local attackers to exfiltrate vault items because XPC inter-proces...

CVE-2020-18173HIGH7.8ten sam produkt

A DLL injection vulnerability in 1password.dll of 1Password 7.3.712 allows attackers to execute arbitrary code...

CVE-2024-42218MEDIUM4.7ten sam produkt

1Password 8 before 8.10.38 for macOS allows local attackers to exfiltrate vault items by bypassing macOS-speci...

CVE-2022-29868MEDIUM5.5ten sam produkt

1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass. Malicious sof...