Lucene search

K
cveMitreCVE-2024-42219
HistoryAug 06, 2024 - 9:16 p.m.

CVE-2024-42219

2024-08-0621:16:03
CWE-1289
mitre
web.nvd.nist.gov
14
22
1password 8
local attackers
exfiltrate vault items
xpc communication validation
insufficient

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

Low

EPSS

0

Percentile

9.5%

1Password 8 before 8.10.36 for macOS allows local attackers to exfiltrate vault items because XPC inter-process communication validation is insufficient.

Affected configurations

Nvd
Node
1password1passwordRange8.08.10.36macos

Social References

More

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

Low

EPSS

0

Percentile

9.5%

Related for CVE-2024-42219