CVE-2022-29868

MEDIUM

1Password 7.2.4-7.9.x < 7.9.3 - Unauthenticated Sensitive Information Exposure via Process Validation Bypass

Title source: llm

Description

1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass. Malicious software running on the same computer can exfiltrate secrets from 1Password provided that 1Password is running and is unlocked. Affected secrets include vault items and derived values used for signing in to 1Password.

References (1)

Core References
Vendor Advisory x_refsource_misc
https://support.1password.com/kb/202204/

Scores

CVSS v3: 5.5
EPSS: 0.0015
EPSS Percentile: 5.0%
Attack Vector: LOCAL
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE: CWE-312
Status: published
Products (1): 1password/1password 7.2.4 - 7.9.3
Published: May 09, 2022
Tracked Since: Feb 18, 2026