CVE-2022-32550
First published: Wed Jun 15 2022(Updated: )
An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service. In specific circumstances, this issue allowed a malicious server to convince a 1Password app or integration it is communicating with the 1Password service.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| 1Password | >=7.0<7.9.3 | |
| 1Password | >=7.0<7.9.5 | |
| 1Password | >=7.0<7.9.6 | |
| 1Password | >=7.0<7.9.829 | |
| 1Password | >=8.0<8.7.1 | |
| 1Password | >=8.0<8.7.1 | |
| 1Password | >=8.0<8.7.1 | |
| 1Password | >=8.0<8.8.0-94 | |
| 1Password | >=8.0<8.8.0-104 | |
| 1Password | <2.3.4 | |
| 1Password | >=2.0.0<2.3.0 | |
| 1Password | >=1.0.0<1.12.5 | |
| 1Password | <1.5.3 | |
| 1Password | <2.3.2 | |
| 1Password | >=1.0.0<1.12.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-32550.
What is the severity of CVE-2022-32550?
The severity of CVE-2022-32550 is medium.
What software versions are affected by CVE-2022-32550?
The following software versions are affected by CVE-2022-32550: 1Password for Android versions 7.0 to 7.9.3, 1Password for macOS versions 7.0 to 7.9.5, 1Password for iOS versions 7.0 to 7.9.6, 1Password for Windows versions 7.0 to 7.9.829, 1Password for Linux versions 8.0 to 8.7.1, 1Password for macOS versions 8.0 to 8.7.1, 1Password for Windows versions 8.0 to 8.7.1, 1Password for iOS versions 8.0 to 8.8.0-94, 1Password for Android versions 8.0 to 8.8.0-104, 1Password in the Browser versions up to 2.3.4, 1Password command-line versions 1.0.0 to 1.12.5, 1Password Connect versions up to 1.5.3, and 1Password SCIM Bridge versions up to 2.3.2.
How can a malicious server exploit CVE-2022-32550?
A malicious server can exploit CVE-2022-32550 by convincing a 1Password app or integration that it is communicating with the 1Password service.
Is there a fix available for CVE-2022-32550?
Yes, a fix for CVE-2022-32550 is available. It is recommended to update to the latest version of the affected software.
- agent/type
- agent/severity
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/1password
- canonical/1password
- version/1password/7.0
- version/1password/8.0
- version/1password/2.0.0
- version/1password/1.0.0