CVE-2021-41795

{"id": "CVE-2021-41795", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2021-09-29T21:15:07.653", "references": [{"url": "https://support.1password.com/kb/202109/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The Safari app extension bundled with 1Password for Mac 7.7.0 through 7.8.x before 7.8.7 is vulnerable to authorization bypass. By targeting a vulnerable component of this extension, a malicious web page could read a subset of 1Password vault items that would normally be fillable by the user on that web page. These items are usernames and passwords for vault items associated with its domain, usernames and passwords without a domain association, credit cards, and contact items. (1Password must be unlocked for these items to be accessible, but no further user interaction is required.)"}, {"lang": "es", "value": "La extensi\u00f3n de la aplicaci\u00f3n Safari incluida en 1Password para Mac versiones 7.7.0 hasta 7.8.x anteriores a 7.8.7, es vulnerable a una omisi\u00f3n de autorizaci\u00f3n. Al dirigirse a un componente vulnerable de esta extensi\u00f3n, una p\u00e1gina web maliciosa podr\u00eda leer un subconjunto de elementos del almac\u00e9n de 1Password que normalmente podr\u00eda rellenar el usuario en esa p\u00e1gina web. Estos elementos son los nombres de usuario y las contrase\u00f1as de los elementos del almac\u00e9n asociados a su dominio, los nombres de usuario y las contrase\u00f1as sin asociaci\u00f3n de dominio, las tarjetas de cr\u00e9dito y los elementos de contacto. (1Password debe estar desbloqueado para que estos elementos sean accesibles, pero no es requerida ninguna otra interacci\u00f3n del usuario)"}], "lastModified": "2022-07-12T17:42:04.277", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:1password:1password:*:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "FB6DDAA6-EB40-4954-8CE8-04D85ED773E0", "versionEndExcluding": "7.8.7", "versionStartIncluding": "7.7.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}