Lucene search

MitreCVE-2018-6591

HistoryFeb 19, 2018 - 2:29 p.m.

CVE-2018-6591

2018-02-1914:29:00

CWE-200

mitre

web.nvd.nist.gov

cve-2018-6591

converse.js

inverse.js

remote attackers

sensitive information

chatroom bookmarks

information security

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.1

Confidence

High

EPSS

0.002

Percentile

53.1%

JSON

Converse.js and Inverse.js through 3.3 allow remote attackers to obtain sensitive information because it is too difficult to determine whether safe publication of private data was configured or even intended. For example, users might have an expectation that chatroom bookmarks are private, but the various interacting software components do not necessarily make that happen.

Affected configurations

Nvd

Node

conversejsconverse.jsRange≤3.3

VendorProductVersionCPE
conversejsconverse.js*cpe:2.3:a:conversejs:converse.js:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
conversejs	converse.js	*	cpe:2.3:a:conversejs:converse.js::::::::

References

gultsch.de/converse_bookmarks.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.1

Confidence

High

EPSS

0.002

Percentile

53.1%

JSON

Related for CVE-2018-6591