Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2022-41904
HistoryNov 11, 2022 - 7:15 p.m.

CVE-2022-41904

2022-11-1119:15:11
Google
osv.dev
7
element ios
matrixsdk
megolm encryption
injection vulnerability

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

26.2%

JSON

Element iOS is an iOS Matrix client provided by Element. It is based on MatrixSDK. Prior to version 1.9.7, events encrypted using Megolm for which trust could not be established did not get decorated accordingly (with warning shields). Therefore a malicious homeserver could inject messages into the room without the user being alerted that the messages were not sent by a verified group member, even if the user has previously verified all group members. This issue has been patched in Element iOS 1.9.7. There are currently no known workarounds.

Related

nvd 1
prion 1
cvelist 1
cve 1
nvd
nvd
CVE-2022-41904
2022-11-11 19:15:11
prion
prion
Code injection
2022-11-11 19:15:00
cvelist
cvelist
CVE-2022-41904 Element iOS is vulnerable due to missing decoration for events decrypted with untrusted Megolm sessions
2022-11-11 00:00:00
cve
cve
CVE-2022-41904
2022-11-11 19:15:11

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

26.2%

JSON
Related for OSV:CVE-2022-41904
nvd1prion1cvelist1cve1