CVE-2018-6591

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-6591

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-6591.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-6591

Aliases

GHSA-mv4h-qm24-x4gh

Published

2018-02-19T14:29:00Z

Modified

2024-10-12T04:04:57.250079Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Converse.js and Inverse.js through 3.3 allow remote attackers to obtain sensitive information because it is too difficult to determine whether safe publication of private data was configured or even intended. For example, users might have an expectation that chatroom bookmarks are private, but the various interacting software components do not necessarily make that happen.

References

https://gultsch.de/converse_bookmarks.html

Affected packages

Git / github.com/jcbrand/converse.js

Affected ranges

Type: GIT
Repo: https://github.com/jcbrand/converse.js
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

8f455cf9022d8d36104687644c4de47fc192a30d

Affected versions

0.*

0.9.4

3.*

3.2.0-rc

v0.*

v0.10.0

v0.10.1

v0.2

v0.3

v0.4

v0.5.0

v0.5.1

v0.5.2

v0.6.0

v0.6.1

v0.6.2

v0.6.3

v0.6.4

v0.6.5

v0.6.6

v0.7.0

v0.7.1

v0.7.2

v0.7.3

v0.7.4

v0.8.0

v0.8.1

v0.8.2

v0.8.3

v0.8.4

v0.8.5

v0.8.6

v0.9.0

v0.9.1

v0.9.2

v0.9.3

v0.9.4

v0.9.5

v0.9.6

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.0.6

v2.*

v2.0.0

v2.0.1

v2.0.2

v2.0.3

v2.0.4

v2.0.5

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.1.0

v3.1.1

v3.2.0

v3.2.1

v3.3.0