Описание
iTerm2 through 3.3.6 has potentially insufficient documentation about the presence of search history in com.googlecode.iterm2.plist, which might allow remote attackers to obtain sensitive information, as demonstrated by searching for the NoSyncSearchHistory string in .plist files within public Git repositories.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.3.6 (включая)
cpe:2.3:a:iterm2:iterm2:*:*:*:*:*:*:*:*
EPSS
Процентиль: 67%
0.00528
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
iTerm2 through 3.3.6 has potentially insufficient documentation about the presence of search history in com.googlecode.iterm2.plist, which might allow remote attackers to obtain sensitive information, as demonstrated by searching for the NoSyncSearchHistory string in .plist files within public Git repositories.
EPSS
Процентиль: 67%
0.00528
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200