CVE-2022-4612

MEDIUM

Click Studios Passwordstate - Info Disclosure

Title source: llm

Description

A vulnerability has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as problematic. This vulnerability affects unknown code. The manipulation leads to insufficiently protected credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. VDB-216274 is the identifier assigned to this vulnerability.

References (3)

[Exploit, Third Party Advisory] https://modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html

[Third Party Advisory] https://vuldb.com/?id.216274

[Exploit, Third Party Advisory] https://www.modzero.com/static/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf

Scores

CVSS v3 4.3

EPSS 0.0021

EPSS Percentile 43.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-522

Status published

Affected Products (9)

clickstudios/passwordstate < 9.5

clickstudios/passwordstate

Timeline

Published Dec 19, 2022

Tracked Since Feb 18, 2026