CVE-2018-19863

EPSS 0.43%
Veröffentlicht 22.12.2018 15:29:00
Zuletzt bearbeitet 21.11.2024 03:58:42
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in 1Password 7.2.3.BETA before 7.2.3.BETA-3 on macOS. A mistake in error logging resulted in instances where sensitive data passed from Safari to 1Password could be logged locally on the user's machine. This data could include usernames and passwords that a user manually entered into Safari.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 3 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Agilebits ≫ 1password Version7.2.3 Updatebeta0 SwPlatformmac_os_x

Agilebits ≫ 1password Version7.2.3 Updatebeta1 SwPlatformmac_os_x

Agilebits ≫ 1password Version7.2.3 Updatebeta2 SwPlatformmac_os_x

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.43%	0.342

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://app-updates.agilebits.com/product_history/OPM7#v70203009

Vendor Advisory

Release Notes

https://discussions.agilebits.com/discussion/99429/the-security-content-of=-betas-7-2-3-beta-3-and-7-2-3-beta-4/p1?new=3D1

Vendor Advisory

https://support.1password.com/kb/201812/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-19863

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-19863

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-19863

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2018-19863