CVE-2022-29868 — MEDIUM (5.5)

Q: How severe is CVE-2022-29868?

CVE-2022-29868 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-29868?

Check the references section above for vendor advisories and patch information. Affected products include: 1Password 1Password.

Vulnerability Description

1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass. Malicious software running on the same computer can exfiltrate secrets from 1Password provided that 1Password is running and is unlocked. Affected secrets include vault items and derived values used for signing in to 1Password.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
1Password	1Password	>= 7.2.4, < 7.9.3

Related Weaknesses (CWE)

CWE-312

References

https://support.1password.com/kb/202204/Vendor Advisory
https://support.1password.com/kb/202204/Vendor Advisory

FAQ

What is CVE-2022-29868?

CVE-2022-29868 is a vulnerability with a CVSS score of 5.5 (MEDIUM). 1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass. Malicious software running on the same computer can exfiltrate secrets from 1Password provided that 1Pa...

How severe is CVE-2022-29868?

CVE-2022-29868 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-29868?

Check the references section above for vendor advisories and patch information. Affected products include: 1Password 1Password.