Disclosure of TLS Private Key in 1Password SCIM Bridge before 1.6.2

Disclosure of TLS Private Key in 1Password SCIM Bridge before 1.6.2

CVE-2021-26905 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

1Password SCIM Bridge before 1.6.2 mishandles validation of authenticated requests for log files, leading to disclosure of a TLS private key.

Learn more about our Web Application Penetration Testing UK.