PT-2019-13894 · Jetbrains · Jetbrains Vim Plugin

Published

2019-10-01

Updated

2019-10-08

CVE-2019-14957

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions JetBrains Vim plugin versions prior to 0.52

Description The issue concerns the storage of individual project data in the global vim settings.xml file, which could be synchronized to a publicly accessible GitHub repository, potentially exposing sensitive information.

Recommendations For versions prior to 0.52, update to version 0.52 or later to resolve the issue.

Fix

Insecure Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-922

Related Identifiers

CVE-2019-14957

Affected Products

Jetbrains Vim Plugin

PT-2019-13894 · Jetbrains · Jetbrains Vim Plugin

CVE-2019-14957

Weakness Enumeration

Related Identifiers

Affected Products

References · 3