CVE-2022-0083

HIGH7.3EPSS 0.21%

User enumeration in livehelperchat

發布日:2022/1/21修改日:2024/12/4

也稱為:GHSA-4xww-6h7v-29jgBIT-livehelperchat-2022-0083

描述

livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information. There is an observable discrepancy between errors generated for users that exist and those that do not.

受影響套件(2)

Bitnami/livehelperchatfrom 0, < 3.91.0
Packagist/remdex/livehelperchatfrom 0, < 3.91

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.3	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-0083
PATCHhttps://github.com/livehelperchat/livehelperchat
WEBhttps://github.com/livehelperchat/livehelperchat/commit/fbed8728be59040a7218610e72f6eceb5f8bc152
WEBhttps://huntr.dev/bounties/4c477440-3b03-42eb-a6e2-a31b55090736