1. Home
  2. CVE Database
  3. CVE-2022-32550
MEDIUM · 4.8

CVE-2022-32550

An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service. In specific circumstances, this issue ...

Vulnerability Description

An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service. In specific circumstances, this issue allowed a malicious server to convince a 1Password app or integration it is communicating with the 1Password service.

CVSS Score

4.8

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
1Password1Password>= 7.0, < 7.9.3
1Password1Password In The Browser< 2.3.4
1PasswordCommand-Line>= 2.0.0, < 2.3.0
1PasswordCommand Line Interface>= 1.0.0, < 1.12.5
1PasswordConnect< 1.5.3
1PasswordScim Bridge< 2.3.2

References

FAQ

What is CVE-2022-32550?

CVE-2022-32550 is a vulnerability with a CVSS score of 4.8 (MEDIUM). An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service. In specific circumstances, this issue ...

How severe is CVE-2022-32550?

CVE-2022-32550 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-32550?

Check the references section above for vendor advisories and patch information. Affected products include: 1Password 1Password, 1Password 1Password In The Browser, 1Password Command-Line, 1Password Command Line Interface, 1Password Connect.