CVE-2022-29868
First published: Mon May 09 2022(Updated: )
1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass. Malicious software running on the same computer can exfiltrate secrets from 1Password provided that 1Password is running and is unlocked. Affected secrets include vault items and derived values used for signing in to 1Password.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| 1Password | >=7.2.4<7.9.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-29868?
CVE-2022-29868 is considered a high severity vulnerability due to its ability to allow exfiltration of sensitive information.
How do I fix CVE-2022-29868?
To fix CVE-2022-29868, you should update 1Password to version 7.9.3 or later.
What versions of 1Password are affected by CVE-2022-29868?
CVE-2022-29868 affects 1Password for Mac versions 7.2.4 through 7.9.2.
What can attackers do with CVE-2022-29868?
Attackers can exfiltrate secrets from an unlocked instance of 1Password running on the same computer.
Is my data safe if I am using a patched version of 1Password after CVE-2022-29868?
Yes, if you are using version 7.9.3 or later, your data should be secure against the vulnerability described in CVE-2022-29868.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/1password
- canonical/1password
- version/1password/7.2.4