CVE-2018-19863

An issue was discovered in 1Password 7.2.3.BETA before 7.2.3.BETA-3 on macOS. A mistake in error logging resulted in instances where sensitive data passed from Safari to 1Password could be logged locally on the user's machine. This data could include usernames and passwords that a user manually entered into Safari.

Published: Dec 22, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-19863
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-532

Affected Software
References

Software	From	Fixed in
agilebits / 1password	7.2.3-beta0	7.2.3-beta0.x
agilebits / 1password	7.2.3-beta1	7.2.3-beta1.x
agilebits / 1password	7.2.3-beta2	7.2.3-beta2.x

https://app-updates.agilebits.com/product_history/OPM7#v70203009
https://discussions.agilebits.com/discussion/99429/the-security-content-of=-betas-7-2-3-beta-3-and-7-2-3-beta-4/p1?new=3D1
https://support.1password.com/kb/201812/

Vulnerability Database

289,784

CVE-2018-19863