PT-2021-21341 · 1Password · 1Password Connect Server

Published: 2021-07-15 · Updated: 2021-08-05 · CVE-2021-36758

CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: 1Password Connect server version 1.2 and earlier

Description: The issue stems from missing validation checks in the 1Password Connect server, which allow users to create Secrets Automation access tokens for privilege escalation. Malicious users who are authorized to create these tokens can gain access beyond their own authorized limits, but only within the existing authorizations of the Secrets Automation the token is created in.

Recommendations: For versions prior to 1.2, update to version 1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the Secrets Automation access token creation feature to minimize the risk of exploitation.

Tags: Fix · Incorrect Authorization · RCE


Weakness Enumeration

Related Identifiers: CVE-2021-36758

Affected Products: 1Password Connect Server