CVE-2018-6591

MEDIUM

Converse.js < 3.3 - Unintended Exposure of Sensitive Information

Title source: llm

Description

Converse.js and Inverse.js through 3.3 allow remote attackers to obtain sensitive information because it is too difficult to determine whether safe publication of private data was configured or even intended. For example, users might have an expectation that chatroom bookmarks are private, but the various interacting software components do not necessarily make that happen.

References (1)

Core References
Mitigation, Third Party Advisory x_refsource_misc
https://gultsch.de/converse_bookmarks.html

Scores

CVSS v3 5.3
EPSS 0.0110
EPSS Percentile 61.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (3)
conversejs/converse.js < 3.3
jcbrand/converse.js 0 - 3.3.3 (Packagist)
npm/converse.js 0 - 3.3.3 (npm)
Published Feb 19, 2018
Tracked Since Feb 18, 2026