iTerm2 through 3.3.6 has potentially insufficient documentation about the presence of search history in com.googlecode.iterm2.plist, which might allow remote attackers to obtain sensitive information, as demonstrated by searching for the NoSyncSearchHistory string in .plist files within public Git repositories.
References
Link | Resource |
---|---|
https://gitlab.com/gnachman/iterm2/issues/8491 | Exploit Third Party Advisory |
https://gitlab.com/gnachman/iterm2/issues/8491 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 04:34
Type | Values Removed | Values Added |
---|---|---|
References | () https://gitlab.com/gnachman/iterm2/issues/8491 - Exploit, Third Party Advisory |
Information
Published : 2019-11-17 18:15
Updated : 2024-11-21 04:34
NVD link : CVE-2019-19022
Mitre link : CVE-2019-19022
CVE.ORG link : CVE-2019-19022
JSON object : View
Products Affected
iterm2
- iterm2
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor