exploitDog

CVE-2021-26905

Опубликовано: 08 фев. 2021

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

1Password SCIM Bridge before 1.6.2 mishandles validation of authenticated requests for log files, leading to disclosure of a TLS private key.

Ссылки

https://app-updates.agilebits.com/product_history/SCIM
Release Notes
Third Party Advisory
https://support.1password.com/kb/202102/
Mitigation
Vendor Advisory
https://app-updates.agilebits.com/product_history/SCIM
Release Notes
Third Party Advisory
https://support.1password.com/kb/202102/
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:1password:scim_bridge:*:*:*:*:*:*:*:*

Версия от 1.0.0 (включая) до 1.6.2 (исключая)

EPSS

Процентиль: 44%

0.00219

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-826j-q2q2-rcq4

CVSS3: 6.5

github

больше 3 лет назад

1Password SCIM Bridge before 1.6.2 mishandles validation of requests for log files.

EPSS

Процентиль: 44%

0.00219

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-287