CVE-2022-0083

HIGH7.3EPSS 0.21%

User enumeration in livehelperchat

Published: 1/21/2022Modified: 12/4/2024

Description

livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information. There is an observable discrepancy between errors generated for users that exist and those that do not.

Affected packages (2)

Bitnami/livehelperchatfrom 0, < 3.91.0
Packagist/remdex/livehelperchatfrom 0, < 3.91

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.3	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-0083
PATCHhttps://github.com/livehelperchat/livehelperchat
WEBhttps://github.com/livehelperchat/livehelperchat/commit/fbed8728be59040a7218610e72f6eceb5f8bc152
WEBhttps://huntr.dev/bounties/4c477440-3b03-42eb-a6e2-a31b55090736