Insufficient Documentation of Search History in iTerm2 Allows for Sensitive Information Disclosure

Insufficient Documentation of Search History in iTerm2 Allows for Sensitive Information Disclosure

CVE-2019-19022 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

iTerm2 through 3.3.6 has potentially insufficient documentation about the presence of search history in com.googlecode.iterm2.plist, which might allow remote attackers to obtain sensitive information, as demonstrated by searching for the NoSyncSearchHistory string in .plist files within public Git repositories.

Learn more about our Web Application Penetration Testing UK.