Lucene search

[email protected]NVD:CVE-2022-3875

HistoryDec 19, 2022 - 11:15 a.m.

CVE-2022-3875

2022-12-1911:15:10

CWE-287

CWE-302

[email protected]

web.nvd.nist.gov

vulnerability

click studios passwordstate

passwordstate browser extension chrome

remote authentication bypass

critical

unknown code

api

authentication bypass

assumed-immutable data

remote exploit

public disclosure

upgrade

vdb-216244

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.01 Low

EPSS

Percentile

83.8%

JSON

A vulnerability classified as critical was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This vulnerability affects unknown code of the component API. The manipulation leads to authentication bypass by assumed-immutable data. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216244.

Affected configurations

NVD

Node

clickstudiospasswordstateMatch--

clickstudiospasswordstateMatch-chrome

References

modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html

vuldb.com/?id.216244

www.modzero.com/static/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.01 Low

EPSS

Percentile

83.8%

JSON

Related for NVD:CVE-2022-3875

prion1 cve1 cvelist1 thn1