CVE-2022-32550

Published: Jun 15, 2022Modified: Nov 21, 2024

4.8

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Exploitability: 2.2 / Impact: 2.5

Source: NVD

Description

An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service. In specific circumstances, this issue allowed a malicious server to convince a 1Password app or integration it is communicating with the 1Password service.

Affected (14)

Products: 1password: 1password, 1password In The Browser, Command Line, Command Line Interface, Connect, Scim Bridge

1password

6 products

1password

1password In The Browser

Command Line

Command Line Interface

Connect

Scim Bridge

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
1password 1password	From 7.0 to 7.9.3
1password 1password	From 8.0 to 8.8.0-104
1password 1password	From 7.0 to 7.9.6
1password 1password	From 8.0 to 8.8.0-94
1password 1password	From 8.0 to 8.7.1
1password 1password	From 7.0 to 7.9.5
1password 1password	From 8.0 to 8.7.1
1password 1password	From 7.0 to 7.9.829
1password 1password	From 8.0 to 8.7.1
1password 1password In The Browser	Before 2.3.4
1password Command Line	From 2.0.0 to 2.3.0
1password Command Line Interface	From 1.0.0 to 1.12.5
1password Connect	Before 1.5.3
1password Scim Bridge	Before 2.3.2

References (2)

https://support.1password.com/kb/202206/

Source: cve@mitre.org

Vendor Advisory

https://support.1password.com/kb/202206/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.