Vulnerability Details : CVE-2018-19863
An issue was discovered in 1Password 7.2.3.BETA before 7.2.3.BETA-3 on macOS. A mistake in error logging resulted in instances where sensitive data passed from Safari to 1Password could be logged locally on the user's machine. This data could include usernames and passwords that a user manually entered into Safari.
Exploit prediction scoring system (EPSS) score for CVE-2018-19863
Probability of exploitation activity in the next 30 days: 0.05%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 17 %
CVSS scores for CVE-2018-19863
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST |
5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 | NIST |
CWE ids for CVE-2018-19863
- Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-19863
- https://app-updates.agilebits.com/product_history/OPM7#v70203009
  1Password for Mac Release Notes (Release Notes; Vendor Advisory)
- https://discussions.agilebits.com/discussion/99429/the-security-content-of=-betas-7-2-3-beta-3-and-7-2-3-beta-4/p1?new=3D1
  The Security content of Betas 7.2.3-Beta-3 and 7.2.3-Beta-4 — 1Password Forum (Vendor Advisory)
- https://support.1password.com/kb/201812/
  CVE-2018-19863 for specific beta versions of 1Password for Mac (Vendor Advisory)
Products affected by CVE-2018-19863
- cpe:2.3:a:agilebits:1password:7.2.3:beta0:*:*:*:mac_os_x:*:*
- cpe:2.3:a:agilebits:1password:7.2.3:beta1:*:*:*:mac_os_x:*:*
- cpe:2.3:a:agilebits:1password:7.2.3:beta2:*:*:*:mac_os_x:*:*