Lucene search

[email protected]CVE-2022-32550

HistoryJun 15, 2022 - 7:15 p.m.

CVE-2022-32550

2022-06-1519:15:11

[email protected]

web.nvd.nist.gov

1498

agilebits

1password

cve-2022-32550

security issue

malicious server

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.3%

JSON

An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service. In specific circumstances, this issue allowed a malicious server to convince a 1Password app or integration it is communicating with the 1Password service.

Affected configurations

NVD

Node

1password1passwordRange7.0–7.9.3android

1password1passwordRange7.0–7.9.5macos

1password1passwordRange7.0–7.9.6iphone_os

1password1passwordRange7.0–7.9.829windows

1password1passwordRange8.0–8.7.1linux

1password1passwordRange8.0–8.7.1macos

1password1passwordRange8.0–8.7.1windows

1password1passwordRange8.0–8.8.0-94iphone_os

1password1passwordRange8.0–8.8.0-104android

1password1password_in_the_browserRange<2.3.4

1passwordcommand-lineRange2.0.0–2.3.0

1passwordcommand_line_interfaceRange1.0.0–1.12.5

1passwordconnectRange<1.5.3

1passwordscim_bridgeRange<2.3.2

CPENameOperatorVersion
1password:1password1passwordlt7.9.3
1password:1password1passwordlt7.9.5
1password:1password1passwordlt7.9.6
1password:1password1passwordlt7.9.829
1password:1password1passwordlt8.7.1
1password:1password1passwordlt8.8.0-94
1password:1password1passwordlt8.8.0-104
1password:1password_in_the_browser1password 1password in the browserlt2.3.4
1password:command-line1password command-linelt2.3.0
1password:command_line_interface1password command line interfacelt1.12.5

CPE	Name	Operator	Version
1password:1password	1password	lt	7.9.3
1password:1password	1password	lt	7.9.5
1password:1password	1password	lt	7.9.6
1password:1password	1password	lt	7.9.829
1password:1password	1password	lt	8.7.1
1password:1password	1password	lt	8.8.0-94
1password:1password	1password	lt	8.8.0-104
1password:1password_in_the_browser	1password 1password in the browser	lt	2.3.4
1password:command-line	1password command-line	lt	2.3.0
1password:command_line_interface	1password command line interface	lt	1.12.5

Rows per page:

1-10 of 121

References

support.1password.com/kb/202206/

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.3%

JSON

Related for CVE-2022-32550

cvelist1 prion1 nvd1