Vulnerabilites related to iTerm2 - iTerm2
Vulnerability from fkie_nvd
Published
2025-01-03 05:15
Modified
2025-06-20 18:10
Severity ?
Summary
iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive information from terminal commands by reading the /tmp/framer.txt file. This can occur for certain it2ssh and SSH Integration configurations, during remote logins to hosts that have a common Python installation.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gitlab.com/gnachman/iterm2/-/wikis/SSH-Integration-Information-Leak | Third Party Advisory | |
| cve@mitre.org | https://iterm2.com/downloads/stable/iTerm2-3_5_11.changelog | Release Notes | |
| cve@mitre.org | https://news.ycombinator.com/item?id=42579472 | Issue Tracking |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iterm2:iterm2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53EB11E1-F547-407A-A808-8E9C3042A4E3",
"versionEndExcluding": "3.5.11",
"versionStartIncluding": "3.5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive information from terminal commands by reading the /tmp/framer.txt file. This can occur for certain it2ssh and SSH Integration configurations, during remote logins to hosts that have a common Python installation."
},
{
"lang": "es",
"value": "iTerm2 3.5.6 a 3.5.10 antes de 3.5.11 a veces permite a atacantes remotos obtener informaci\u00f3n confidencial de comandos de terminal mediante la lectura del archivo /tmp/framer.txt. Esto puede ocurrir en ciertas configuraciones de it2ssh y de integraci\u00f3n SSH, durante inicios de sesi\u00f3n remotos en hosts que tienen una instalaci\u00f3n de Python com\u00fan."
}
],
"id": "CVE-2025-22275",
"lastModified": "2025-06-20T18:10:51.093",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"source": "cve@mitre.org",
"type": "Secondary"
}
]
},
"published": "2025-01-03T05:15:08.243",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/gnachman/iterm2/-/wikis/SSH-Integration-Information-Leak"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://iterm2.com/downloads/stable/iTerm2-3_5_11.changelog"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://news.ycombinator.com/item?id=42579472"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "cve@mitre.org",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-16 01:15
Modified
2025-06-18 16:40
Severity ?
Summary
In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable."
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iterm2:iterm2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53E02516-12F6-4237-819A-08BD2E17DC23",
"versionEndExcluding": "3.5.2",
"versionStartIncluding": "3.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In iTerm2 before 3.5.2, the \"Terminal may report window title\" setting is not honored, and thus remote code execution might occur but \"is not trivially exploitable.\""
},
{
"lang": "es",
"value": "En iTerm2 anterior a 3.5.2, la configuraci\u00f3n \"La terminal puede informar el t\u00edtulo de la ventana\" no se respeta y, por lo tanto, puede ocurrir la ejecuci\u00f3n remota de c\u00f3digo, pero \"no es trivialmente explotable\"."
}
],
"id": "CVE-2024-38395",
"lastModified": "2025-06-18T16:40:48.790",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-06-16T01:15:48.537",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2024/06/17/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://gitlab.com/gnachman/iterm2/-/commit/f1e89f78dd72dcac3ba66d3d6f93db3f7f649219"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://gitlab.com/gnachman/iterm2/-/tags/v3.5.2"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://iterm2.com/downloads.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://www.openwall.com/lists/oss-security/2024/06/15/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2024/06/17/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://gitlab.com/gnachman/iterm2/-/commit/f1e89f78dd72dcac3ba66d3d6f93db3f7f649219"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://gitlab.com/gnachman/iterm2/-/tags/v3.5.2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://iterm2.com/downloads.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://www.openwall.com/lists/oss-security/2024/06/15/1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-22 04:15
Modified
2024-11-21 08:28
Severity ?
Summary
iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to upload.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iterm2:iterm2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE5A8378-60FE-4F69-A7AA-DEE9393C51C8",
"versionEndExcluding": "3.4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to upload."
},
{
"lang": "es",
"value": "iTerm2 anterior a 3.4.20 permite la ejecuci\u00f3n de c\u00f3digo (potencialmente remota) debido al mal manejo de ciertas secuencias de escape relacionadas con la carga."
}
],
"id": "CVE-2023-46301",
"lastModified": "2024-11-21T08:28:15.530",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-22T04:15:09.797",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/gnachman/iTerm2/commit/85cbf5ebda472c9ec295887e99c2b6f1b5867f1b"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/gnachman/iTerm2/commit/b2268b03b5f3d4cd8ca275eaef5d16d0fac20009"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://iterm2.com/news.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/gnachman/iTerm2/commit/85cbf5ebda472c9ec295887e99c2b6f1b5867f1b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/gnachman/iTerm2/commit/b2268b03b5f3d4cd8ca275eaef5d16d0fac20009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://iterm2.com/news.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-116"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-16 21:15
Modified
2025-06-20 18:05
Severity ?
Summary
An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature (enabled by default), allows an attacker to inject arbitrary code into the terminal, a different vulnerability than CVE-2024-38395.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iterm2:iterm2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53E02516-12F6-4237-819A-08BD2E17DC23",
"versionEndExcluding": "3.5.2",
"versionStartIncluding": "3.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature (enabled by default), allows an attacker to inject arbitrary code into the terminal, a different vulnerability than CVE-2024-38395."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en iTerm2 3.5.x anterior a 3.5.2. El uso sin filtrar de una secuencia de escape para informar el t\u00edtulo de una ventana, en combinaci\u00f3n con la funci\u00f3n de integraci\u00f3n tmux incorporada (habilitada de forma predeterminada), permite a un atacante inyectar c\u00f3digo arbitrario en la terminal, una vulnerabilidad diferente a CVE-2024-38395."
}
],
"id": "CVE-2024-38396",
"lastModified": "2025-06-20T18:05:57.870",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-06-16T21:15:50.730",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/06/17/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://gitlab.com/gnachman/iterm2/-/commit/fc60236a914d63fb70a5c632e211203a4f1bd4dd"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://iterm2.com/downloads.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://vin01.github.io/piptagole/escape-sequences/iterm2/rce/2024/06/16/iterm2-rce-window-title-tmux-integration.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/06/17/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://gitlab.com/gnachman/iterm2/-/commit/fc60236a914d63fb70a5c632e211203a4f1bd4dd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://iterm2.com/downloads.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://vin01.github.io/piptagole/escape-sequences/iterm2/rce/2024/06/16/iterm2-rce-window-title-tmux-integration.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-17 18:15
Modified
2024-11-21 04:34
Severity ?
Summary
iTerm2 through 3.3.6 has potentially insufficient documentation about the presence of search history in com.googlecode.iterm2.plist, which might allow remote attackers to obtain sensitive information, as demonstrated by searching for the NoSyncSearchHistory string in .plist files within public Git repositories.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gitlab.com/gnachman/iterm2/issues/8491 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.com/gnachman/iterm2/issues/8491 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iterm2:iterm2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6CA7E37-00B5-4EDE-A96B-83A127175E0E",
"versionEndIncluding": "3.3.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "iTerm2 through 3.3.6 has potentially insufficient documentation about the presence of search history in com.googlecode.iterm2.plist, which might allow remote attackers to obtain sensitive information, as demonstrated by searching for the NoSyncSearchHistory string in .plist files within public Git repositories."
},
{
"lang": "es",
"value": "iTerm2 versiones hasta 3.3.6, posee una documentaci\u00f3n potencialmente insuficiente sobre la presencia del historial de b\u00fasqueda en com.googlecode.iterm2.plist, lo que podr\u00eda permitir a atacantes remotos obtener informaci\u00f3n confidencial, como es demostrado mediante la b\u00fasqueda de la cadena NoSyncSearchHistory en archivos .plist en repositorios de Git p\u00fablicos."
}
],
"id": "CVE-2019-19022",
"lastModified": "2024-11-21T04:34:00.880",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-17T18:15:11.503",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitlab.com/gnachman/iterm2/issues/8491"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitlab.com/gnachman/iterm2/issues/8491"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-23 00:15
Modified
2024-11-21 08:28
Severity ?
Summary
iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have shell metacharacters for a /usr/bin/man command line.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iterm2:iterm2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DCBDFA5-07B5-4D12-95A7-EE26C15F0CCE",
"versionEndIncluding": "3.4.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.5.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "37F1A1C2-AA8A-45A2-BCC7-36289E434567",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.5.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "A632C6D5-2180-4B02-B8F1-EBE4442C1BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.5.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "8A35ECC8-B179-449F-97D7-47017B89E269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.5.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "E238E921-DEC6-470E-94C3-9ACFCAE47C95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.5.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "13D2A7C5-650D-456D-97E0-79D146657A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.5.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "E67A594B-4ECA-4189-9C3A-08AF188F82DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.5.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "62D4145E-8CAA-439D-B917-BE332800EEC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.5.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "5622F6B3-ECFC-44D7-AD72-1EBE28E8889D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.5.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "E81D1628-8B0A-4DC8-B176-6A2827D91F80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.5.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "6AC4F001-2578-46FE-996F-82DCB5DF3511",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have shell metacharacters for a /usr/bin/man command line."
},
{
"lang": "es",
"value": "iTermSessionLauncher.m en iTerm2 anterior a 3.5.0beta12 no sanitiza las rutas en las URL de la p\u00e1gina de manual x. Pueden tener metacaracteres de shell para una l\u00ednea de comando /usr/bin/man."
}
],
"id": "CVE-2023-46321",
"lastModified": "2024-11-21T08:28:17.990",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-23T00:15:08.517",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/gnachman/iterm2/-/commit/de3d351e1bd3bc1c1a4f85fe976c592e497dd071"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://iterm2.com/downloads.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/gnachman/iterm2/-/commit/de3d351e1bd3bc1c1a4f85fe976c592e497dd071"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://iterm2.com/downloads.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-117"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-23 00:15
Modified
2024-11-21 08:28
Severity ?
Summary
iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's initial character may be non-alphanumeric. The hostname's other characters may be outside the set of alphanumeric characters, dash, and period.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iterm2:iterm2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DCBDFA5-07B5-4D12-95A7-EE26C15F0CCE",
"versionEndIncluding": "3.4.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.5.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "37F1A1C2-AA8A-45A2-BCC7-36289E434567",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.5.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "A632C6D5-2180-4B02-B8F1-EBE4442C1BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.5.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "8A35ECC8-B179-449F-97D7-47017B89E269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.5.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "E238E921-DEC6-470E-94C3-9ACFCAE47C95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.5.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "13D2A7C5-650D-456D-97E0-79D146657A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.5.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "E67A594B-4ECA-4189-9C3A-08AF188F82DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.5.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "62D4145E-8CAA-439D-B917-BE332800EEC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.5.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "5622F6B3-ECFC-44D7-AD72-1EBE28E8889D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.5.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "E81D1628-8B0A-4DC8-B176-6A2827D91F80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.5.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "6AC4F001-2578-46FE-996F-82DCB5DF3511",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname\u0027s initial character may be non-alphanumeric. The hostname\u0027s other characters may be outside the set of alphanumeric characters, dash, and period."
},
{
"lang": "es",
"value": "iTermSessionLauncher.m en iTerm2 anterior a 3.5.0beta12 no sanitiza los nombres de host ssh en las URL. El car\u00e1cter inicial del nombre de host puede no ser alfanum\u00e9rico. Los dem\u00e1s caracteres del nombre de host pueden estar fuera del conjunto de caracteres alfanum\u00e9ricos, guiones y puntos."
}
],
"id": "CVE-2023-46322",
"lastModified": "2024-11-21T08:28:18.157",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-23T00:15:08.560",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/gnachman/iterm2/-/commit/ef7bb84520013b2524df9787d4aa9f2c96746c01"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://iterm2.com/downloads.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/gnachman/iterm2/-/commit/ef7bb84520013b2524df9787d4aa9f2c96746c01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://iterm2.com/downloads.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-117"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-20 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords by reading DNS queries. A new (default) feature was added to iTerm2 version 3.0.0 (and unreleased 2.9.x versions such as 2.9.20150717) that resulted in a potential information disclosure. In an attempt to see whether the text under the cursor (or selected text) was a URL, the text would be sent as an unencrypted DNS query. This has the potential to result in passwords and other sensitive information being sent in cleartext without the user being aware.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| iterm2 | iterm2 | 2.9.20151111 | |
| iterm2 | iterm2 | 2.9.20151229 | |
| iterm2 | iterm2 | 2.9.20160102 | |
| iterm2 | iterm2 | 2.9.20160113 | |
| iterm2 | iterm2 | 2.9.20160206 | |
| iterm2 | iterm2 | 2.9.20160313 | |
| iterm2 | iterm2 | 2.9.20160422 | |
| iterm2 | iterm2 | 2.9.20160426 | |
| iterm2 | iterm2 | 2.9.20160510 | |
| iterm2 | iterm2 | 2.9.20160523 | |
| iterm2 | iterm2 | 3.0.0 | |
| iterm2 | iterm2 | 3.0.0 | |
| iterm2 | iterm2 | 3.0.1 | |
| iterm2 | iterm2 | 3.0.2 | |
| iterm2 | iterm2 | 3.0.3 | |
| iterm2 | iterm2 | 3.0.4 | |
| iterm2 | iterm2 | 3.0.5 | |
| iterm2 | iterm2 | 3.0.6 | |
| iterm2 | iterm2 | 3.0.7 | |
| iterm2 | iterm2 | 3.0.8 | |
| iterm2 | iterm2 | 3.0.9 | |
| iterm2 | iterm2 | 3.0.10 | |
| iterm2 | iterm2 | 3.0.11 | |
| iterm2 | iterm2 | 3.0.12 | |
| iterm2 | iterm2 | 3.0.13 | |
| iterm2 | iterm2 | 3.0.14 | |
| iterm2 | iterm2 | 3.0.15 | |
| iterm2 | iterm2 | 3.0.20160531 | |
| iterm2 | iterm2 | 3.1.0 | |
| iterm2 | iterm2 | 3.1.0 | |
| iterm2 | iterm2 | 3.1.0 | |
| iterm2 | iterm2 | 3.1.0 | |
| iterm2 | iterm2 | 3.1.0 | |
| iterm2 | iterm2 | 3.1.0 | |
| iterm2 | iterm2 | 3.1.0 | |
| iterm2 | iterm2 | 3.1.0 | |
| iterm2 | iterm2 | 3.1.0 | |
| iterm2 | iterm2 | 3.1.0 | |
| iterm2 | iterm2 | 3.1.0 | |
| iterm2 | iterm2 | 3.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iterm2:iterm2:2.9.20151111:*:*:*:*:*:*:*",
"matchCriteriaId": "D541D5B3-E66F-4C35-877C-8B171B6BF256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:2.9.20151229:*:*:*:*:*:*:*",
"matchCriteriaId": "5A1F6681-3CD0-42BD-92C6-81D76BFC1275",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:2.9.20160102:*:*:*:*:*:*:*",
"matchCriteriaId": "FDEC933C-D7D1-4D18-9611-8A07071BD2B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:2.9.20160113:*:*:*:*:*:*:*",
"matchCriteriaId": "45C28CA6-C843-408F-8524-098B26981AA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:2.9.20160206:*:*:*:*:*:*:*",
"matchCriteriaId": "90CC7A9C-2BF8-44B7-A8AE-E2C0D452C474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:2.9.20160313:*:*:*:*:*:*:*",
"matchCriteriaId": "6A4F0136-FB99-4951-B246-498A7501134E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:2.9.20160422:*:*:*:*:*:*:*",
"matchCriteriaId": "6798E204-DF84-4911-82CE-A87CA7A6D62E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:2.9.20160426:*:*:*:*:*:*:*",
"matchCriteriaId": "EB9179C2-0AB5-4E26-9D4A-98AA9C271A82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:2.9.20160510:*:*:*:*:*:*:*",
"matchCriteriaId": "8A21448D-CF4A-4EC9-B154-5E05EC49A88A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:2.9.20160523:*:*:*:*:*:*:*",
"matchCriteriaId": "967F6537-D0FA-4AFB-BE1A-CFDD95755C8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "77FE4017-BEC1-417B-AFEA-79CB2629A090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.0.0:preview:*:*:*:*:*:*",
"matchCriteriaId": "E10C2E76-3DDB-4B33-BE36-4DC537439A07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.0.1:preview:*:*:*:*:*:*",
"matchCriteriaId": "850DCE9E-5A29-4878-8820-E97F54E434EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5533F002-4138-4C1F-A2BE-2AB87A825278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "45A81082-568B-4700-985B-49443277655A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F3B51E61-58AC-4A18-B34A-82FC6BAF5D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AB81CA9-3B12-4446-9CE2-0E8E72F816EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2A50C85F-782E-43E1-A12C-F9B491086792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5E64E03B-3752-4D80-9DAE-227222EE53C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9A7A7F88-B785-4D00-A6C1-ED974CA14127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "14898C43-C43F-4704-943E-998E699392AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F7966560-0C38-4154-AF67-DFAD114886FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "805896B0-57C0-4102-87D9-9746D48C623D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8B233D0E-3FBB-4859-905F-62FBD2A3B936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "205A29E1-6E96-4BCF-B9E9-8FFD1B8AFE50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E5C28CBC-8D90-4C84-B461-876256A123D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "614CA11F-13FF-47DE-B0DE-480C252A9498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.0.20160531:*:*:*:*:*:*:*",
"matchCriteriaId": "5894EE5A-FB88-4C81-B34D-751FF0B42B83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7D292B9F-F988-498C-9D89-B3493C95E41F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.1.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "80258385-2E5C-4D0E-9BAD-F2BE332D7782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "02DEB069-F8F0-4A2E-9B22-2E9551CD5F9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.1.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "F3B134C1-6C41-45F7-B9A5-1D2D9926B3AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "A37BE0F6-328F-48CF-85ED-540AB8ED186A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.1.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "19251F95-8539-44B1-B510-B805A746AE09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.1.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "5B662018-34F8-42D7-8033-CB1E33880F50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.1.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "109E96A3-1C7D-4CBB-8B12-E83608228F14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.1.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "6CD1F432-90F0-47E3-83EE-D14793BD143D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.1.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "D9663ACF-1DF0-4CF4-AF30-FE5DDEE37C54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.1.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "E3A17E01-FE71-4ACB-A927-6F6B7AD0F078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:iterm2:iterm2:3.1.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "EA28FE8A-1EE8-46F4-A83C-50D3A4AB744D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords by reading DNS queries. A new (default) feature was added to iTerm2 version 3.0.0 (and unreleased 2.9.x versions such as 2.9.20150717) that resulted in a potential information disclosure. In an attempt to see whether the text under the cursor (or selected text) was a URL, the text would be sent as an unencrypted DNS query. This has the potential to result in passwords and other sensitive information being sent in cleartext without the user being aware."
},
{
"lang": "es",
"value": "Las versiones 3.x de iTerm anteriores a 3.1.1 permiten que atacantes remotos descubran contrase\u00f1as mediante la lectura de consultas DNS. Se a\u00f1adi\u00f3 una nueva funci\u00f3n (por defecto) en la versi\u00f3n 3.0.0 (y versiones 2.9.x no lanzadas como la 2.9.20150717) que result\u00f3 en una potencial divulgaci\u00f3n de informaci\u00f3n. Para intentar ver si el texto bajo el cursor (o el texto seleccionado) es una URL, el texto tendr\u00eda que ser enviado como consulta DNS sin codificar. Esto podr\u00eda provocar que las contrase\u00f1as y otro tipo de informaci\u00f3n sensible sean enviadas en texto claro sin que el usuario sea consciente de ello."
}
],
"id": "CVE-2015-9231",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-20T20:29:00.183",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/gnachman/iTerm2/commit/33ccaf61e34ef32ffc9d6b2be5dd218f6bb55f51"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/gnachman/iTerm2/commit/e4eb1063529deb575b75b396138d41554428d522"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://gitlab.com/gnachman/iterm2/issues/3688"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://gitlab.com/gnachman/iterm2/issues/5303"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://gitlab.com/gnachman/iterm2/issues/6050"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://gitlab.com/gnachman/iterm2/issues/6068"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/gnachman/iterm2/wikis/dnslookupissue"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://news.ycombinator.com/item?id=15286956"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/gnachman/iTerm2/commit/33ccaf61e34ef32ffc9d6b2be5dd218f6bb55f51"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/gnachman/iTerm2/commit/e4eb1063529deb575b75b396138d41554428d522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://gitlab.com/gnachman/iterm2/issues/3688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://gitlab.com/gnachman/iterm2/issues/5303"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://gitlab.com/gnachman/iterm2/issues/6050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://gitlab.com/gnachman/iterm2/issues/6068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/gnachman/iterm2/wikis/dnslookupissue"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://news.ycombinator.com/item?id=15286956"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-09 20:15
Modified
2024-11-21 04:51
Severity ?
Summary
A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal. This affects versions of iTerm2 up to and including 3.3.5. This vulnerability may allow an attacker to execute arbitrary commands on their victim's computer by providing malicious output to the terminal. It could be exploited using command-line utilities that print attacker-controlled content.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | https://blog.mozilla.org/security/2019/10/09/iterm2-critical-issue-moss-audit/ | Exploit, Third Party Advisory | |
| cret@cert.org | https://groups.google.com/forum/#%21topic/iterm2-discuss/57k_AuLdQa4 | ||
| cret@cert.org | https://kb.cert.org/vuls/id/763073/ | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.mozilla.org/security/2019/10/09/iterm2-critical-issue-moss-audit/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/forum/#%21topic/iterm2-discuss/57k_AuLdQa4 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cert.org/vuls/id/763073/ | Third Party Advisory, US Government Resource |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iterm2:iterm2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1132D3C-F86C-4FC1-ABF4-E1B43EB206F9",
"versionEndIncluding": "3.3.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in the way that iTerm2 integrates with tmux\u0027s control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal. This affects versions of iTerm2 up to and including 3.3.5. This vulnerability may allow an attacker to execute arbitrary commands on their victim\u0027s computer by providing malicious output to the terminal. It could be exploited using command-line utilities that print attacker-controlled content."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad en la manera en que iTerm2 se integra con el modo de control de tmux, lo que puede permitir a un atacante ejecutar comandos arbitrarios al proporcionar una salida maliciosa al terminal. Esto afecta a versiones de iTerm2 hasta 3.3.5 incluy\u00e9ndola. Esta vulnerabilidad puede permitir a un atacante ejecutar comandos arbitrarios en la computadora de su v\u00edctima al proporcionar una salida maliciosa al terminal. Podr\u00eda ser explotada utilizando recursos de la l\u00ednea de comandos que imprimen contenido controlado por el atacante."
}
],
"id": "CVE-2019-9535",
"lastModified": "2024-11-21T04:51:48.433",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-09T20:15:33.363",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.mozilla.org/security/2019/10/09/iterm2-critical-issue-moss-audit/"
},
{
"source": "cret@cert.org",
"url": "https://groups.google.com/forum/#%21topic/iterm2-discuss/57k_AuLdQa4"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://kb.cert.org/vuls/id/763073/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.mozilla.org/security/2019/10/09/iterm2-critical-issue-moss-audit/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://groups.google.com/forum/#%21topic/iterm2-discuss/57k_AuLdQa4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://kb.cert.org/vuls/id/763073/"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-349"
}
],
"source": "cret@cert.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-23 22:15
Modified
2025-04-25 19:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
iTerm2 before 3.4.18 mishandles a DECRQSS response.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://iterm2.com/downloads.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://iterm2.com/downloads.html | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iterm2:iterm2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "392A1214-B460-4D3F-8882-0BF8D4660185",
"versionEndExcluding": "3.4.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "iTerm2 before 3.4.18 mishandles a DECRQSS response."
},
{
"lang": "es",
"value": "iTerm2 en versiones anteriores a la 3.4.18 maneja mal una respuesta DECRQSS."
}
],
"id": "CVE-2022-45872",
"lastModified": "2025-04-25T19:15:48.060",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-11-23T22:15:09.937",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://iterm2.com/downloads.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://iterm2.com/downloads.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-22 04:15
Modified
2024-11-21 08:28
Severity ?
Summary
iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to tmux integration.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iterm2:iterm2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE5A8378-60FE-4F69-A7AA-DEE9393C51C8",
"versionEndExcluding": "3.4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to tmux integration."
},
{
"lang": "es",
"value": "iTerm2 anterior a 3.4.20 permite la ejecuci\u00f3n de c\u00f3digo (potencialmente remota) debido al mal manejo de ciertas secuencias de escape relacionadas con la integraci\u00f3n de tmux."
}
],
"id": "CVE-2023-46300",
"lastModified": "2024-11-21T08:28:15.380",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-22T04:15:09.740",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/gnachman/iTerm2/commit/ae8192522661c34d1cbe57f6f9ef2ff0a337c2a5"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/gnachman/iTerm2/commit/b2268b03b5f3d4cd8ca275eaef5d16d0fac20009"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://iterm2.com/news.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/gnachman/iTerm2/commit/ae8192522661c34d1cbe57f6f9ef2ff0a337c2a5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/gnachman/iTerm2/commit/b2268b03b5f3d4cd8ca275eaef5d16d0fac20009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://iterm2.com/news.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-116"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-46321 (GCVE-0-2023-46321)
Vulnerability from cvelistv5
Published
2023-10-22 00:00
Modified
2024-09-11 20:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have shell metacharacters for a /usr/bin/man command line.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:45:41.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://iterm2.com/downloads.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/gnachman/iterm2/-/commit/de3d351e1bd3bc1c1a4f85fe976c592e497dd071"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:iterm2:iterm2:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "iterm2",
"vendor": "iterm2",
"versions": [
{
"lessThan": "3.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46321",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T20:20:40.720607Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-117",
"description": "CWE-117 Improper Output Neutralization for Logs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T20:35:41.935Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have shell metacharacters for a /usr/bin/man command line."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-22T23:53:31.541867",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://iterm2.com/downloads.html"
},
{
"url": "https://gitlab.com/gnachman/iterm2/-/commit/de3d351e1bd3bc1c1a4f85fe976c592e497dd071"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-46321",
"datePublished": "2023-10-22T00:00:00",
"dateReserved": "2023-10-22T00:00:00",
"dateUpdated": "2024-09-11T20:35:41.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19022 (GCVE-0-2019-19022)
Vulnerability from cvelistv5
Published
2019-11-17 10:59
Modified
2024-08-05 02:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
iTerm2 through 3.3.6 has potentially insufficient documentation about the presence of search history in com.googlecode.iterm2.plist, which might allow remote attackers to obtain sensitive information, as demonstrated by searching for the NoSyncSearchHistory string in .plist files within public Git repositories.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.819Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/gnachman/iterm2/issues/8491"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "iTerm2 through 3.3.6 has potentially insufficient documentation about the presence of search history in com.googlecode.iterm2.plist, which might allow remote attackers to obtain sensitive information, as demonstrated by searching for the NoSyncSearchHistory string in .plist files within public Git repositories."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-17T10:59:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/gnachman/iterm2/issues/8491"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "iTerm2 through 3.3.6 has potentially insufficient documentation about the presence of search history in com.googlecode.iterm2.plist, which might allow remote attackers to obtain sensitive information, as demonstrated by searching for the NoSyncSearchHistory string in .plist files within public Git repositories."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gnachman/iterm2/issues/8491",
"refsource": "MISC",
"url": "https://gitlab.com/gnachman/iterm2/issues/8491"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19022",
"datePublished": "2019-11-17T10:59:09",
"dateReserved": "2019-11-17T00:00:00",
"dateUpdated": "2024-08-05T02:02:39.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46301 (GCVE-0-2023-46301)
Vulnerability from cvelistv5
Published
2023-10-22 00:00
Modified
2024-09-12 17:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to upload.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:45:40.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/gnachman/iTerm2/commit/b2268b03b5f3d4cd8ca275eaef5d16d0fac20009"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce"
},
{
"tags": [
"x_transferred"
],
"url": "https://iterm2.com/news.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/gnachman/iTerm2/commit/85cbf5ebda472c9ec295887e99c2b6f1b5867f1b"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46301",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T17:48:41.039655Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:48:57.452Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to upload."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-22T03:47:50.244689",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/gnachman/iTerm2/commit/b2268b03b5f3d4cd8ca275eaef5d16d0fac20009"
},
{
"url": "https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce"
},
{
"url": "https://iterm2.com/news.html"
},
{
"url": "https://github.com/gnachman/iTerm2/commit/85cbf5ebda472c9ec295887e99c2b6f1b5867f1b"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-46301",
"datePublished": "2023-10-22T00:00:00",
"dateReserved": "2023-10-22T00:00:00",
"dateUpdated": "2024-09-12T17:48:57.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-45872 (GCVE-0-2022-45872)
Vulnerability from cvelistv5
Published
2022-11-23 00:00
Modified
2025-04-25 18:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
iTerm2 before 3.4.18 mishandles a DECRQSS response.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:24:03.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://iterm2.com/downloads.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-45872",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T18:22:25.891979Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T18:22:30.427Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "iTerm2 before 3.4.18 mishandles a DECRQSS response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-23T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://iterm2.com/downloads.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-45872",
"datePublished": "2022-11-23T00:00:00.000Z",
"dateReserved": "2022-11-23T00:00:00.000Z",
"dateUpdated": "2025-04-25T18:22:30.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-9231 (GCVE-0-2015-9231)
Vulnerability from cvelistv5
Published
2017-09-20 20:00
Modified
2024-09-16 17:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords by reading DNS queries. A new (default) feature was added to iTerm2 version 3.0.0 (and unreleased 2.9.x versions such as 2.9.20150717) that resulted in a potential information disclosure. In an attempt to see whether the text under the cursor (or selected text) was a URL, the text would be sent as an unencrypted DNS query. This has the potential to result in passwords and other sensitive information being sent in cleartext without the user being aware.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:43:41.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/gnachman/iterm2/issues/6050"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/gnachman/iterm2/issues/5303"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gnachman/iTerm2/commit/33ccaf61e34ef32ffc9d6b2be5dd218f6bb55f51"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/gnachman/iterm2/wikis/dnslookupissue"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gnachman/iTerm2/commit/e4eb1063529deb575b75b396138d41554428d522"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/gnachman/iterm2/issues/6068"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/gnachman/iterm2/issues/3688"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=15286956"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords by reading DNS queries. A new (default) feature was added to iTerm2 version 3.0.0 (and unreleased 2.9.x versions such as 2.9.20150717) that resulted in a potential information disclosure. In an attempt to see whether the text under the cursor (or selected text) was a URL, the text would be sent as an unencrypted DNS query. This has the potential to result in passwords and other sensitive information being sent in cleartext without the user being aware."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-20T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/gnachman/iterm2/issues/6050"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/gnachman/iterm2/issues/5303"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gnachman/iTerm2/commit/33ccaf61e34ef32ffc9d6b2be5dd218f6bb55f51"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/gnachman/iterm2/wikis/dnslookupissue"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gnachman/iTerm2/commit/e4eb1063529deb575b75b396138d41554428d522"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/gnachman/iterm2/issues/6068"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/gnachman/iterm2/issues/3688"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://news.ycombinator.com/item?id=15286956"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-9231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords by reading DNS queries. A new (default) feature was added to iTerm2 version 3.0.0 (and unreleased 2.9.x versions such as 2.9.20150717) that resulted in a potential information disclosure. In an attempt to see whether the text under the cursor (or selected text) was a URL, the text would be sent as an unencrypted DNS query. This has the potential to result in passwords and other sensitive information being sent in cleartext without the user being aware."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gnachman/iterm2/issues/6050",
"refsource": "MISC",
"url": "https://gitlab.com/gnachman/iterm2/issues/6050"
},
{
"name": "https://gitlab.com/gnachman/iterm2/issues/5303",
"refsource": "MISC",
"url": "https://gitlab.com/gnachman/iterm2/issues/5303"
},
{
"name": "https://github.com/gnachman/iTerm2/commit/33ccaf61e34ef32ffc9d6b2be5dd218f6bb55f51",
"refsource": "MISC",
"url": "https://github.com/gnachman/iTerm2/commit/33ccaf61e34ef32ffc9d6b2be5dd218f6bb55f51"
},
{
"name": "https://gitlab.com/gnachman/iterm2/wikis/dnslookupissue",
"refsource": "MISC",
"url": "https://gitlab.com/gnachman/iterm2/wikis/dnslookupissue"
},
{
"name": "https://github.com/gnachman/iTerm2/commit/e4eb1063529deb575b75b396138d41554428d522",
"refsource": "MISC",
"url": "https://github.com/gnachman/iTerm2/commit/e4eb1063529deb575b75b396138d41554428d522"
},
{
"name": "https://gitlab.com/gnachman/iterm2/issues/6068",
"refsource": "MISC",
"url": "https://gitlab.com/gnachman/iterm2/issues/6068"
},
{
"name": "https://gitlab.com/gnachman/iterm2/issues/3688",
"refsource": "MISC",
"url": "https://gitlab.com/gnachman/iterm2/issues/3688"
},
{
"name": "https://news.ycombinator.com/item?id=15286956",
"refsource": "MISC",
"url": "https://news.ycombinator.com/item?id=15286956"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-9231",
"datePublished": "2017-09-20T20:00:00Z",
"dateReserved": "2017-09-20T00:00:00Z",
"dateUpdated": "2024-09-16T17:23:28.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38395 (GCVE-0-2024-38395)
Vulnerability from cvelistv5
Published
2024-06-16 00:00
Modified
2024-08-02 04:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable."
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:iterm2:iterm2:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "iterm2",
"vendor": "iterm2",
"versions": [
{
"status": "affected",
"version": "3.5.2"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38395",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-18T14:15:43.067220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T14:18:11.693Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:24.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://iterm2.com/downloads.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/gnachman/iterm2/-/commit/f1e89f78dd72dcac3ba66d3d6f93db3f7f649219"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2024/06/15/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/gnachman/iterm2/-/tags/v3.5.2"
},
{
"name": "[oss-security] 20240617 Re: iTerm2 3.5.x title reporting bug",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/06/17/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In iTerm2 before 3.5.2, the \"Terminal may report window title\" setting is not honored, and thus remote code execution might occur but \"is not trivially exploitable.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T15:06:00.006301",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://iterm2.com/downloads.html"
},
{
"url": "https://gitlab.com/gnachman/iterm2/-/commit/f1e89f78dd72dcac3ba66d3d6f93db3f7f649219"
},
{
"url": "https://www.openwall.com/lists/oss-security/2024/06/15/1"
},
{
"url": "https://gitlab.com/gnachman/iterm2/-/tags/v3.5.2"
},
{
"name": "[oss-security] 20240617 Re: iTerm2 3.5.x title reporting bug",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/06/17/1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-38395",
"datePublished": "2024-06-16T00:00:00",
"dateReserved": "2024-06-16T00:00:00",
"dateUpdated": "2024-08-02T04:12:24.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9535 (GCVE-0-2019-9535)
Vulnerability from cvelistv5
Published
2019-10-09 19:15
Modified
2024-09-17 02:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal. This affects versions of iTerm2 up to and including 3.3.5. This vulnerability may allow an attacker to execute arbitrary commands on their victim's computer by providing malicious output to the terminal. It could be exploited using command-line utilities that print attacker-controlled content.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#763073",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/763073/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.mozilla.org/security/2019/10/09/iterm2-critical-issue-moss-audit/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21topic/iterm2-discuss/57k_AuLdQa4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iTerm2",
"vendor": "iTerm2",
"versions": [
{
"lessThanOrEqual": "3.3.5",
"status": "affected",
"version": "3.3.5",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thanks to Stefan Gr\u00f6nke and Fabian Freyer of Radically Open Security for finding this vulnerability, the Mozilla Open Source Support (MOSS) project for supporting the audit, and George Nachman of iTerm2 for developing the fix, and all parties for coordinating this vulnerability."
}
],
"datePublic": "2019-10-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in the way that iTerm2 integrates with tmux\u0027s control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal. This affects versions of iTerm2 up to and including 3.3.5. This vulnerability may allow an attacker to execute arbitrary commands on their victim\u0027s computer by providing malicious output to the terminal. It could be exploited using command-line utilities that print attacker-controlled content."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-349",
"description": "CWE-349",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-09T19:15:44",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#763073",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://kb.cert.org/vuls/id/763073/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.mozilla.org/security/2019/10/09/iterm2-critical-issue-moss-audit/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://groups.google.com/forum/#%21topic/iterm2-discuss/57k_AuLdQa4"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "iTerm2, up to and including version 3.3.5, with tmux integration is vulnerable to remote command execution",
"workarounds": [
{
"lang": "en",
"value": "Update iTerm2 to version 3.3.6, which includes mitigations against exploitation of this vulnerability."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2019-10-09T04:00:00.000Z",
"ID": "CVE-2019-9535",
"STATE": "PUBLIC",
"TITLE": "iTerm2, up to and including version 3.3.5, with tmux integration is vulnerable to remote command execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iTerm2",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.3.5",
"version_value": "3.3.5"
}
]
}
}
]
},
"vendor_name": "iTerm2"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Stefan Gr\u00f6nke and Fabian Freyer of Radically Open Security for finding this vulnerability, the Mozilla Open Source Support (MOSS) project for supporting the audit, and George Nachman of iTerm2 for developing the fix, and all parties for coordinating this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability exists in the way that iTerm2 integrates with tmux\u0027s control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal. This affects versions of iTerm2 up to and including 3.3.5. This vulnerability may allow an attacker to execute arbitrary commands on their victim\u0027s computer by providing malicious output to the terminal. It could be exploited using command-line utilities that print attacker-controlled content."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-349"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#763073",
"refsource": "CERT-VN",
"url": "https://kb.cert.org/vuls/id/763073/"
},
{
"name": "https://blog.mozilla.org/security/2019/10/09/iterm2-critical-issue-moss-audit/",
"refsource": "MISC",
"url": "https://blog.mozilla.org/security/2019/10/09/iterm2-critical-issue-moss-audit/"
},
{
"name": "https://groups.google.com/forum/#!topic/iterm2-discuss/57k_AuLdQa4",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!topic/iterm2-discuss/57k_AuLdQa4"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "Update iTerm2 to version 3.3.6, which includes mitigations against exploitation of this vulnerability."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2019-9535",
"datePublished": "2019-10-09T19:15:44.101481Z",
"dateReserved": "2019-03-01T00:00:00",
"dateUpdated": "2024-09-17T02:11:00.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46322 (GCVE-0-2023-46322)
Vulnerability from cvelistv5
Published
2023-10-22 00:00
Modified
2024-09-11 20:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's initial character may be non-alphanumeric. The hostname's other characters may be outside the set of alphanumeric characters, dash, and period.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:45:41.273Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://iterm2.com/downloads.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/gnachman/iterm2/-/commit/ef7bb84520013b2524df9787d4aa9f2c96746c01"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:iterm2:iterm2:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "iterm2",
"vendor": "iterm2",
"versions": [
{
"lessThan": "3.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46322",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T20:14:29.861746Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-117",
"description": "CWE-117 Improper Output Neutralization for Logs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T20:28:05.384Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname\u0027s initial character may be non-alphanumeric. The hostname\u0027s other characters may be outside the set of alphanumeric characters, dash, and period."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-22T23:53:11.890070",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://iterm2.com/downloads.html"
},
{
"url": "https://gitlab.com/gnachman/iterm2/-/commit/ef7bb84520013b2524df9787d4aa9f2c96746c01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-46322",
"datePublished": "2023-10-22T00:00:00",
"dateReserved": "2023-10-22T00:00:00",
"dateUpdated": "2024-09-11T20:28:05.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22275 (GCVE-0-2025-22275)
Vulnerability from cvelistv5
Published
2025-01-03 00:00
Modified
2025-01-03 14:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Summary
iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive information from terminal commands by reading the /tmp/framer.txt file. This can occur for certain it2ssh and SSH Integration configurations, during remote logins to hosts that have a common Python installation.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22275",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-03T14:58:43.443113Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-03T14:58:54.733Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iTerm2",
"vendor": "iTerm2",
"versions": [
{
"lessThan": "3.5.11",
"status": "affected",
"version": "3.5.6",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iterm2:iterm2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.11",
"versionStartIncluding": "3.5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive information from terminal commands by reading the /tmp/framer.txt file. This can occur for certain it2ssh and SSH Integration configurations, during remote logins to hosts that have a common Python installation."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-03T06:23:55.308681Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://iterm2.com/downloads/stable/iTerm2-3_5_11.changelog"
},
{
"url": "https://news.ycombinator.com/item?id=42579472"
},
{
"url": "https://gitlab.com/gnachman/iterm2/-/wikis/SSH-Integration-Information-Leak"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-22275",
"datePublished": "2025-01-03T00:00:00",
"dateReserved": "2025-01-03T00:00:00",
"dateUpdated": "2025-01-03T14:58:54.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38396 (GCVE-0-2024-38396)
Vulnerability from cvelistv5
Published
2024-06-16 00:00
Modified
2024-08-02 04:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature (enabled by default), allows an attacker to inject arbitrary code into the terminal, a different vulnerability than CVE-2024-38395.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gnachman:iterm2:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "iterm2",
"vendor": "gnachman",
"versions": [
{
"lessThan": "3.5.2",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38396",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T13:41:44.316151Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T13:41:48.527Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:24.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://iterm2.com/downloads.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://vin01.github.io/piptagole/escape-sequences/iterm2/rce/2024/06/16/iterm2-rce-window-title-tmux-integration.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/gnachman/iterm2/-/commit/fc60236a914d63fb70a5c632e211203a4f1bd4dd"
},
{
"name": "[oss-security] 20240617 Re: iTerm2 3.5.x title reporting bug",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/06/17/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature (enabled by default), allows an attacker to inject arbitrary code into the terminal, a different vulnerability than CVE-2024-38395."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T15:06:01.698288",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://iterm2.com/downloads.html"
},
{
"url": "https://vin01.github.io/piptagole/escape-sequences/iterm2/rce/2024/06/16/iterm2-rce-window-title-tmux-integration.html"
},
{
"url": "https://gitlab.com/gnachman/iterm2/-/commit/fc60236a914d63fb70a5c632e211203a4f1bd4dd"
},
{
"name": "[oss-security] 20240617 Re: iTerm2 3.5.x title reporting bug",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/06/17/1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-38396",
"datePublished": "2024-06-16T00:00:00",
"dateReserved": "2024-06-16T00:00:00",
"dateUpdated": "2024-08-02T04:12:24.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46300 (GCVE-0-2023-46300)
Vulnerability from cvelistv5
Published
2023-10-22 00:00
Modified
2024-09-12 17:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to tmux integration.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:45:40.846Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/gnachman/iTerm2/commit/ae8192522661c34d1cbe57f6f9ef2ff0a337c2a5"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/gnachman/iTerm2/commit/b2268b03b5f3d4cd8ca275eaef5d16d0fac20009"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce"
},
{
"tags": [
"x_transferred"
],
"url": "https://iterm2.com/news.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46300",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T17:49:29.200906Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:49:38.677Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to tmux integration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-22T03:48:15.545771",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/gnachman/iTerm2/commit/ae8192522661c34d1cbe57f6f9ef2ff0a337c2a5"
},
{
"url": "https://github.com/gnachman/iTerm2/commit/b2268b03b5f3d4cd8ca275eaef5d16d0fac20009"
},
{
"url": "https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce"
},
{
"url": "https://iterm2.com/news.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-46300",
"datePublished": "2023-10-22T00:00:00",
"dateReserved": "2023-10-22T00:00:00",
"dateUpdated": "2024-09-12T17:49:38.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}