CVE-2022-0083 – remdex/livehelperchat

Package

Manager: composer
Name: remdex/livehelperchat
Vulnerable Version: >=0 <3.91

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0021 pctl0.43483

Details

User enumeration in livehelperchat livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information. There is an observable discrepancy between errors generated for users that exist and those that do not.

Metadata

Created: 2022-01-21T23:37:07Z
Modified: 2022-01-12T19:34:13Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-4xww-6h7v-29jg/GHSA-4xww-6h7v-29jg.json
CWE IDs: ["CWE-209"]
Alternative ID: GHSA-4xww-6h7v-29jg
Finding: F037
Auto approve: 1