CVE-2018-6591

MEDIUM5.3EPSS 0.27%

Converse.js Exposure of Sensitive Information

Published: 5/14/2022Modified: 2/16/2024

Description

Converse.js and Inverse.js through 3.3 allow remote attackers to obtain sensitive information because it is too difficult to determine whether safe publication of private data was configured or even intended. For example, users might have an expectation that chatroom bookmarks are private, but the various interacting software components do not necessarily make that happen.

Affected packages (2)

npm/converse.jsfrom 0, < 3.3.3
Packagist/jcbrand/converse.jsfrom 0, < 3.3.3

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-6591
PATCHhttps://github.com/conversejs/converse.js
WEBhttps://github.com/conversejs/converse.js/commit/ba09996998df38a5eb76903457fbb1077caabe25
WEBhttps://gultsch.de/converse_bookmarks.html