CVE-2018-6591
MEDIUM
Converse.js < 3.3 - Unintended Exposure of Sensitive Information
Title source: llm
Description
Converse.js and Inverse.js through 3.3 allow remote attackers to obtain sensitive information because it is too difficult to determine whether safe publication of private data was configured or even intended. For example, users might have an expectation that chatroom bookmarks are private, but the various interacting software components do not necessarily make that happen.
References (1)
Core References
Mitigation, Third Party Advisory x_refsource_misc
https://gultsch.de/converse_bookmarks.html
Scores
CVSS v3
5.3
EPSS
0.0110
EPSS Percentile
61.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (3)
conversejs/converse.js
< 3.3
jcbrand/converse.js
0 - 3.3.3 (Packagist)
npm/converse.js
0 - 3.3.3 (npm)
Published
Feb 19, 2018
Tracked Since
Feb 18, 2026