GHSA-4xww-6h7v-29jg

Source

https://github.com/advisories/GHSA-4xww-6h7v-29jg

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-4xww-6h7v-29jg/GHSA-4xww-6h7v-29jg.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-4xww-6h7v-29jg

Aliases

Published

2022-01-21T23:37:07Z

Modified

2024-12-04T05:24:24.580025Z

Summary

User enumeration in livehelperchat

Details

livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information. There is an observable discrepancy between errors generated for users that exist and those that do not.

Database specific

{
    "nvd_published_at": "2022-01-04T07:15:00Z",
    "cwe_ids": [
        "CWE-209"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-01-12T19:34:13Z"
}

References

Affected packages

Packagist / remdex/livehelperchat

Package

Name: remdex/livehelperchat
Purl: pkg:composer/remdex/livehelperchat

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.91

Affected versions

1.*

1.74

1.81

1.82

1.83

1.84

1.85

1.86

1.87

1.88

1.89

1.90

1.91

1.93

1.94

1.95

1.98

2.*

2.0