Information Disclosure Vulnerability in iTerm2 by Gnachman
CVE-2015-9231

7.5HIGH

Key Information:

Vendor

Iterm2

Status
Iterm2
Vendor
CVE Published:
20 September 2017

What is CVE-2015-9231?

A vulnerability in iTerm2 versions prior to 3.1.1 allows remote attackers to discover sensitive information, including passwords, by sending unencrypted DNS queries when attempting to identify URLs in the text under the cursor or selected text. This feature, introduced in iTerm2 3.0.0, compromises user privacy by exposing critical data without user awareness.

References

https://gitlab.com/gnachman/iterm2/issues/6050
x_refsource_MISC
https://gitlab.com/gnachman/iterm2/issues/5303
x_refsource_MISC
https://github.com/gnachman/iTerm2/commit/33ccaf61e34ef32...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.