CVE-2019-19022

{"id": "CVE-2019-19022", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-11-17T18:15:11.503", "references": [{"url": "https://gitlab.com/gnachman/iterm2/issues/8491", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "iTerm2 through 3.3.6 has potentially insufficient documentation about the presence of search history in com.googlecode.iterm2.plist, which might allow remote attackers to obtain sensitive information, as demonstrated by searching for the NoSyncSearchHistory string in .plist files within public Git repositories."}, {"lang": "es", "value": "iTerm2 versiones hasta 3.3.6, posee una documentaci\u00f3n potencialmente insuficiente sobre la presencia del historial de b\u00fasqueda en com.googlecode.iterm2.plist, lo que podr\u00eda permitir a atacantes remotos obtener informaci\u00f3n confidencial, como es demostrado mediante la b\u00fasqueda de la cadena NoSyncSearchHistory en archivos .plist en repositorios de Git p\u00fablicos."}], "lastModified": "2019-11-19T19:03:13.203", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:iterm2:iterm2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6CA7E37-00B5-4EDE-A96B-83A127175E0E", "versionEndIncluding": "3.3.6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}