Unrated severityNVD Advisory· Published Jul 15, 2021· Updated Aug 4, 2024
CVE-2021-36758
CVE-2021-36758
Description
1Password Connect server before 1.2 is missing validation checks, permitting users to create Secrets Automation access tokens that can be used to perform privilege escalation. Malicious users authorized to create Secrets Automation access tokens can create tokens that have access beyond what the user is authorized to access, but limited to the existing authorizations of the Secret Automation the token is created in.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- 1Password/Connect serverdescription
- Range: <1.2
Patches
Vulnerability mechanics
References
1- support.1password.com/kb/202106/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.