5.5

CVE-2018-19863

EPSS 0.06%
Published 22.12.2018 15:29:00
Last modified 21.11.2024 03:58:42
Source cve@mitre.org
Teams watchlist Login
Open Login

An issue was discovered in 1Password 7.2.3.BETA before 7.2.3.BETA-3 on macOS. A mistake in error logging resulted in instances where sensitive data passed from Safari to 1Password could be logged locally on the user's machine. This data could include usernames and passwords that a user manually entered into Safari.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Agilebits ≫ 1password Version7.2.3 Updatebeta0 SwPlatformmac_os_x

Agilebits ≫ 1password Version7.2.3 Updatebeta1 SwPlatformmac_os_x

Agilebits ≫ 1password Version7.2.3 Updatebeta2 SwPlatformmac_os_x

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.192

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://app-updates.agilebits.com/product_history/OPM7#v70203009

Vendor Advisory

Release Notes

https://discussions.agilebits.com/discussion/99429/the-security-content-of=-betas-7-2-3-beta-3-and-7-2-3-beta-4/p1?new=3D1

Vendor Advisory

https://support.1password.com/kb/201812/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-19863

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-19863

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-19863

EUVD