CVE-2018-13042 — MEDIUM (5.9)

Vulnerability Description

The 1Password application 6.8 for Android is affected by a Denial Of Service vulnerability. By starting the activity com.agilebits.onepassword.filling.openyolo.OpenYoloDeleteActivity or com.agilebits.onepassword.filling.openyolo.OpenYoloRetrieveActivity from an external application (since they are exported), it is possible to crash the 1Password instance.

CVSS Score

5.9

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
1Password	1Password	6.8

Related Weaknesses (CWE)

CWE-20

References

https://app-updates.agilebits.com/product_history/OPA4Vendor Advisory
https://www.exploit-db.com/exploits/46165/Third Party AdvisoryVDB Entry
https://www.valbrux.it/blog/2019/01/22/cve-2018-13042-1password-android-7-0-deni
https://app-updates.agilebits.com/product_history/OPA4Vendor Advisory
https://www.exploit-db.com/exploits/46165/Third Party AdvisoryVDB Entry
https://www.valbrux.it/blog/2019/01/22/cve-2018-13042-1password-android-7-0-deni

FAQ

What is CVE-2018-13042?

CVE-2018-13042 is a vulnerability with a CVSS score of 5.9 (MEDIUM). The 1Password application 6.8 for Android is affected by a Denial Of Service vulnerability. By starting the activity com.agilebits.onepassword.filling.openyolo.OpenYoloDeleteActivity or com.agilebits....

How severe is CVE-2018-13042?

CVE-2018-13042 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-13042?

Check the references section above for vendor advisories and patch information. Affected products include: 1Password 1Password.