CVE-2022-3540

An issue has been discovered in hunter2 affecting all versions before 2.1.0. Improper handling of auto-completion input allows an authenticated attacker to extract other users email addresses
References
Link Resource
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3540.json Third Party Advisory VDB Entry
https://gitlab.com/hunter2.app/hunter2/-/issues/529 Issue Tracking Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:hunter2_project:hunter2:*:*:*:*:*:*:*:*

Information

Published : 2022-10-17 04:15

Updated : 2022-10-20 04:34


NVD link : CVE-2022-3540

Mitre link : CVE-2022-3540

Products Affected
No products.
CWE
CWE-312

Cleartext Storage of Sensitive Information