GSA_kwCzR0hTQS00eHd3LTZoN3YtMjlqZ80gyw

Moderate EPSS: 0.0021% (0.43662 Percentile) EPSS:

Permalink JSON

User enumeration in livehelperchat

Affected Packages	Affected Versions	Fixed Versions
packagist:remdex/livehelperchat	< 3.91	3.91
0 Dependent packages 5 Dependent repositories 372 Downloads total Affected Version Ranges All affected versions All unaffected versions

livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information. There is an observable discrepancy between errors generated for users that exist and those that do not.

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-0083
https://github.com/livehelperchat/livehelperchat/commit/fbed8728be59040a7218610e72f6eceb5f8bc152
https://huntr.dev/bounties/4c477440-3b03-42eb-a6e2-a31b55090736
https://github.com/advisories/GHSA-4xww-6h7v-29jg

Identifiers

GHSA-4xww-6h7v-29jg

CVE-2022-0083

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.0021

EPSS Percentile: 0.43662

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/livehelperchat/livehelperchat

Date and time

Published

over 3 years ago

Updated

over 2 years ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories