Lucene search

[email protected]CVE-2019-19022

HistoryNov 17, 2019 - 6:15 p.m.

CVE-2019-19022

2019-11-1718:15:11

CWE-200

[email protected]

web.nvd.nist.gov

iterm2

cve-2019-19022

security vulnerability

sensitive information

remote attackers

documentation

search history

com.googlecode.iterm2.plist

.plist files

public git repositories

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

0.022 Low

EPSS

Percentile

89.5%

JSON

iTerm2 through 3.3.6 has potentially insufficient documentation about the presence of search history in com.googlecode.iterm2.plist, which might allow remote attackers to obtain sensitive information, as demonstrated by searching for the NoSyncSearchHistory string in .plist files within public Git repositories.

Affected configurations

NVD

Node

iterm2iterm2Range≤3.3.6

CPENameOperatorVersion
iterm2:iterm2iterm2le3.3.6

CPE	Name	Operator	Version
iterm2:iterm2	iterm2	le	3.3.6

References

gitlab.com/gnachman/iterm2/issues/8491

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

0.022 Low

EPSS

Percentile

89.5%

JSON

Related for CVE-2019-19022

osv1 prion1 nvd1 cvelist1