Lucene search

CVE-2022-39250

🗓️ 29 Sep 2022 13:09:15Reported by Alpine Linux Development TeamType

alpinelinux🔗 security.alpinelinux.org👁 47 Views

Matrix JavaScript SDK prior to v19.7.0 allows malicious homeserver to interfere with user verification flow

Reporter	Title	Published	Views	Family All 77
Veracode	Authentication Bypass	30 Sep 202206:19	–	veracode
OSV	matrix-js-sdk subject to user impersonation due to key/device identifier confusion in SAS verification	30 Sep 202222:46	–	osv
OSV	CVE-2022-39250	29 Sep 202213:15	–	osv
OSV	OPENSUSE-SU-2024:12379-1 MozillaThunderbird-102.3.1-1.1 on GA media	15 Jun 202400:00	–	osv
OSV	OPENSUSE-SU-2024:12374-1 element-desktop-1.11.8-1.1 on GA media	15 Jun 202400:00	–	osv
OSV	OPENSUSE-SU-2024:12375-1 element-web-1.11.8-1.1 on GA media	15 Jun 202400:00	–	osv
OSV	Important: thunderbird security update	25 Oct 202200:00	–	osv
OSV	RHSA-2022:7190 Red Hat Security Advisory: thunderbird security update	16 Sep 202409:22	–	osv
OSV	Important: thunderbird security update	25 Oct 202200:00	–	osv
OSV	RHSA-2022:7181 Red Hat Security Advisory: thunderbird security update	16 Sep 202409:22	–	osv

OS	OS Version	Architecture	Package	Package Version	Filename
Alpine	edge-community	noarch	element-web	1.11.7-r0	UNKNOWN
Alpine	3.16-community	noarch	riot-web	1.11.7-r0	UNKNOWN
Alpine	3.17-community	noarch	riot-web	1.11.7-r0	UNKNOWN
Alpine	3.18-community	noarch	element-web	1.11.7-r0	UNKNOWN
Alpine	3.19-community	noarch	element-web	1.11.7-r0	UNKNOWN
Alpine	3.20-community	noarch	element-web	1.11.7-r0	UNKNOWN
Alpine	3.21-community	noarch	element-web	1.11.7-r0	UNKNOWN

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

29 Sep 2022 13:15Current

8.2High risk

Vulners AI Score8.2

CVSS37.5 - 8.6

EPSS0.00124