Lucene search

[email protected]CVE-2022-4610

HistoryDec 19, 2022 - 3:15 p.m.

CVE-2022-4610

2022-12-1915:15:10

CWE-327

CWE-310

[email protected]

web.nvd.nist.gov

cve-2022-4610

click studios

passwordstate

browser extension

chrome

vulnerability

local access

cryptographic algorithm

exploit

vdb-216272

nvd

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

20.4%

JSON

A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Affected by this issue is some unknown functionality. The manipulation leads to risky cryptographic algorithm. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216272.

Affected configurations

NVD

Node

clickstudiospasswordstateRange<9.5

clickstudiospasswordstateMatch9.5build_9500-

clickstudiospasswordstateMatch9.5build_9512-

clickstudiospasswordstateMatch9.5build_9519-

clickstudiospasswordstateMatch9.5build_9531-

clickstudiospasswordstateMatch9.5build_9533-

clickstudiospasswordstateMatch9.5build_9535-

clickstudiospasswordstateMatch9.5build_9583-

Node

clickstudiospasswordstateMatch9.5.8.4chrome

VendorProductVersionCPE
clickstudiospasswordstate9.5cpe:/a:clickstudios:passwordstate:9.5:build_9531::
clickstudiospasswordstate9.5cpe:/a:clickstudios:passwordstate:9.5:build_9500::
clickstudiospasswordstate9.5cpe:/a:clickstudios:passwordstate:9.5:build_9533::
clickstudiospasswordstate9.5cpe:/a:clickstudios:passwordstate:9.5:build_9583::
clickstudiospasswordstate9.5cpe:/a:clickstudios:passwordstate:9.5:build_9535::
clickstudiospasswordstate9.5cpe:/a:clickstudios:passwordstate:9.5:build_9519::
clickstudiospasswordstate9.5cpe:/a:clickstudios:passwordstate:9.5:build_9512::

Vendor	Product	Version	CPE
clickstudios	passwordstate	9.5	cpe:/a:clickstudios:passwordstate:9.5:build_9531::
clickstudios	passwordstate	9.5	cpe:/a:clickstudios:passwordstate:9.5:build_9500::
clickstudios	passwordstate	9.5	cpe:/a:clickstudios:passwordstate:9.5:build_9533::
clickstudios	passwordstate	9.5	cpe:/a:clickstudios:passwordstate:9.5:build_9583::
clickstudios	passwordstate	9.5	cpe:/a:clickstudios:passwordstate:9.5:build_9535::
clickstudios	passwordstate	9.5	cpe:/a:clickstudios:passwordstate:9.5:build_9519::
clickstudios	passwordstate	9.5	cpe:/a:clickstudios:passwordstate:9.5:build_9512::

CNA Affected

[
  {
    "vendor": "Click Studios",
    "product": "Passwordstate",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Click Studios",
    "product": "Passwordstate Browser Extension Chrome",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  }
]

References

modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html

vuldb.com/?id.216272

www.modzero.com/static/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

20.4%

JSON

Related for CVE-2022-4610

prion1 cvelist1 nvd1