Connection Vulnerability in AgileBits 1Password Applications
CVE-2022-32550

4.8MEDIUM

Key Information:

Vendor: 1password
Status: 1password In The Browser; Connect; Scim Bridge; Command-line
Vendor: CVE Published:; 15 June 2022

What is CVE-2022-32550?

A security flaw was identified in AgileBits 1Password applications that enables a malicious server to impersonate the 1Password service during communications. This vulnerability compromises the integrity of data exchanged between the app and the service, potentially exposing sensitive user information. The issue arises from the way certain 1Password apps and integrations establish connections. It is crucial for users and organizations utilizing 1Password to ensure they are using updated versions and to stay informed about security patches.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://support.1password.com/kb/202206/

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2022
Vulnerability Reserved
Jun 8, 2022

JSON

1password

What is CVE-2022-32550?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.