Cyber Resilience

CVE-2022-32550

Medium

Published: 15 June 2022

Published
15 June 2022
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS Score 0.0034 56.7th percentile
Risk Priority 10 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-32550 is a medium-severity an unspecified weakness vulnerability in 1Password 1Password. Its CVSS base score is 4.8 (Medium).

Operationally, ranked in the top 43.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service. In specific circumstances, this issue allowed a malicious server to convince a 1Password app or integration it…

more

is communicating with the 1Password service.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

1password
1password
7.0 — 7.9.3 · 7.0 — 7.9.5 · 7.0 — 7.9.6
1password
1password in the browser
≤ 2.3.4
1password
command-line
2.0.0 — 2.3.0
1password
command line interface
1.0.0 — 1.12.5
1password
connect
≤ 1.5.3
1password
scim bridge
≤ 2.3.2

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References