CVE Vulnerability

CVE-2022-3876

A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This issue affects some unknown processing of the file /api/browserextension/UpdatePassword/ of the component API. The manipulation of the argument PasswordID leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-216245 was assigned to this vulnerability.

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.modzero.com/static/MZ-22-03_Passwordstate_Security_Disclosure_Report-v1.0.pdf Exploit Third Party Advisory
https://modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html Exploit Technical Description
https://vuldb.com/?id.216245 Permissions Required Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:clickstudios:passwordstate:-:*:*:*:*:chrome:*:*
cpe:2.3:a:clickstudios:passwordstate:-:*:*:*:*:-:*:*
Information

Published : 2022-12-19 11:15

Updated : 2022-12-28 07:13

NVD link : CVE-2022-3876

Mitre link : CVE-2022-3876

Products Affected
No products.
CWE
CWE-639