CVE-2022-3876

Name of the Vulnerable Software and Affected Versions Click Studios Passwordstate (affected versions not specified) Click Studios Passwordstate Browser Extension Chrome (affected versions not specified)

Description A problematic issue has been found in the API component, affecting the processing of the file /api/browserextension/UpdatePassword/. The manipulation of the PasswordID argument leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations Upgrade the affected component to a newer version. As a temporary workaround, consider restricting access to the /api/browserextension/UpdatePassword/ API endpoint until a patch is available. Avoid using the PasswordID argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.