5.5

CVE-2018-19863

EPSS 0.06%
Veröffentlicht 22.12.2018 15:29:00
Zuletzt bearbeitet 21.11.2024 03:58:42
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

An issue was discovered in 1Password 7.2.3.BETA before 7.2.3.BETA-3 on macOS. A mistake in error logging resulted in instances where sensitive data passed from Safari to 1Password could be logged locally on the user's machine. This data could include usernames and passwords that a user manually entered into Safari.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Agilebits ≫ 1password Version7.2.3 Updatebeta0 SwPlatformmac_os_x

Agilebits ≫ 1password Version7.2.3 Updatebeta1 SwPlatformmac_os_x

Agilebits ≫ 1password Version7.2.3 Updatebeta2 SwPlatformmac_os_x

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.192

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://app-updates.agilebits.com/product_history/OPM7#v70203009

Vendor Advisory

Release Notes

https://discussions.agilebits.com/discussion/99429/the-security-content-of=-betas-7-2-3-beta-3-and-7-2-3-beta-4/p1?new=3D1

Vendor Advisory

https://support.1password.com/kb/201812/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-19863

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-19863

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-19863

EUVD