PT-2021-17164 · Agilebits · 1Password Scim Bridge

Published

2021-02-08

Updated

2022-07-12

CVE-2021-26905

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: 1Password SCIM Bridge versions prior to 1.6.2

Description: The issue concerns the mishandling of validation for authenticated requests related to log files, potentially leading to the disclosure of a TLS private key.

Recommendations: For versions prior to 1.6.2, update to version 1.6.2 or later to resolve the issue.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2021-26905

Affected Products

1Password Scim Bridge

PT-2021-17164 · Agilebits · 1Password Scim Bridge

CVE-2021-26905

Weakness Enumeration

Related Identifiers

Affected Products

References · 6