Vulnerabilities > CVE-2019-14957 - Insecure Storage of Sensitive Information vulnerability in Jetbrains VIM

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

jetbrains

CWE-922

NVD

Published: 2019-10-01

Updated: 2019-10-08

Summary

The JetBrains Vim plugin before version 0.52 was storing individual project data in the global vim_settings.xml file. This xml file could be synchronized to a publicly accessible GitHub repository.

Vulnerable Configurations

Part	Description	Count
Application	Jetbrains Jetbrains VIM - Jetbrains VIM 0.46 Jetbrains VIM 0.47 Jetbrains VIM 0.48 Jetbrains VIM 0.49 Jetbrains VIM 0.50 Jetbrains VIM 0.51	7

Common Weakness Enumeration (CWE)

CWE-922 - Insecure Storage of Sensitive Information

References

https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/