{"api_version":"1","generated_at":"2026-04-23T00:39:31+00:00","cve":"CVE-2019-19022","urls":{"html":"https://cve.report/CVE-2019-19022","api":"https://cve.report/api/cve/CVE-2019-19022.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-19022","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-19022"},"summary":{"title":"CVE-2019-19022","description":"iTerm2 through 3.3.6 has potentially insufficient documentation about the presence of search history in com.googlecode.iterm2.plist, which might allow remote attackers to obtain sensitive information, as demonstrated by searching for the NoSyncSearchHistory string in .plist files within public Git repositories.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2019-11-17 18:15:00","updated_at":"2019-11-19 19:03:00"},"problem_types":["CWE-200"],"metrics":[],"references":[{"url":"https://gitlab.com/gnachman/iterm2/issues/8491","name":"https://gitlab.com/gnachman/iterm2/issues/8491","refsource":"MISC","tags":["Exploit","Third Party Advisory"],"title":"The preference file leaks sensitive search history (#8491) · Issues · George Nachman / iterm2 · GitLab","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-19022","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19022","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"19022","vulnerable":"1","versionEndIncluding":"3.3.6","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"iterm2","cpe5":"iterm2","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2019-19022","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"iTerm2 through 3.3.6 has potentially insufficient documentation about the presence of search history in com.googlecode.iterm2.plist, which might allow remote attackers to obtain sensitive information, as demonstrated by searching for the NoSyncSearchHistory string in .plist files within public Git repositories."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://gitlab.com/gnachman/iterm2/issues/8491","refsource":"MISC","name":"https://gitlab.com/gnachman/iterm2/issues/8491"}]}},"nvd":{"publishedDate":"2019-11-17 18:15:00","lastModifiedDate":"2019-11-19 19:03:00","problem_types":["CWE-200"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:iterm2:iterm2:*:*:*:*:*:*:*:*","versionEndIncluding":"3.3.6","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"19022","Ordinal":"160588","Title":"CVE-2019-19022","CVE":"CVE-2019-19022","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"19022","Ordinal":"1","NoteData":"iTerm2 through 3.3.6 has potentially insufficient documentation about the presence of search history in com.googlecode.iterm2.plist, which might allow remote attackers to obtain sensitive information, as demonstrated by searching for the NoSyncSearchHistory string in .plist files within public Git repositories.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"19022","Ordinal":"2","NoteData":"2019-11-17","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"19022","Ordinal":"3","NoteData":"2019-11-17","Type":"Other","Title":"Modified"}]}}}