CVE-2018-13042

Опубликовано: 05 окт. 2018

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Средний

Описание

The 1Password application 6.8 for Android is affected by a Denial Of Service vulnerability. By starting the activity com.agilebits.onepassword.filling.openyolo.OpenYoloDeleteActivity or com.agilebits.onepassword.filling.openyolo.OpenYoloRetrieveActivity from an external application (since they are exported), it is possible to crash the 1Password instance.

Ссылки

https://app-updates.agilebits.com/product_history/OPA4
Vendor Advisory
https://www.exploit-db.com/exploits/46165/
Third Party Advisory
VDB Entry
https://www.valbrux.it/blog/2019/01/22/cve-2018-13042-1password-android-7-0-denial-of-service/
https://app-updates.agilebits.com/product_history/OPA4
Vendor Advisory
https://www.exploit-db.com/exploits/46165/
Third Party Advisory
VDB Entry
https://www.valbrux.it/blog/2019/01/22/cve-2018-13042-1password-android-7-0-denial-of-service/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:1password:1password:6.8:*:*:*:*:android:*:*

EPSS

Процентиль: 93%

0.10158

Средний

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-m7f4-g3jc-wr42