CVE-2018-6591

MEDIUM5.3EPSS 0.27%

Converse.js Exposure of Sensitive Information

發布日:2022/5/14修改日:2024/2/16

描述

Converse.js and Inverse.js through 3.3 allow remote attackers to obtain sensitive information because it is too difficult to determine whether safe publication of private data was configured or even intended. For example, users might have an expectation that chatroom bookmarks are private, but the various interacting software components do not necessarily make that happen.

受影響套件(2)

npm/converse.jsfrom 0, < 3.3.3
Packagist/jcbrand/converse.jsfrom 0, < 3.3.3

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-6591
PATCHhttps://github.com/conversejs/converse.js
WEBhttps://github.com/conversejs/converse.js/commit/ba09996998df38a5eb76903457fbb1077caabe25
WEBhttps://gultsch.de/converse_bookmarks.html