CVE-2018-19863 Information

Description

An issue was discovered in 1Password 7.2.3.BETA before 7.2.3.BETA-3 on macOS. A mistake in error logging resulted in instances where sensitive data passed from Safari to 1Password could be logged locally on the user’s machine. This data could include usernames and passwords that a user manually entered into Safari.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Reference

https://app-updates.agilebits.com/product_history/OPM7v70203009 https://discussions.agilebits.com/discussion/99429/the-security-content-of=-betas-7-2-3-beta-3-and-7-2-3-beta-4/p1?new=3D1 https://support.1password.com/kb/201812/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

5.5