Lucene search

K
redhatcveRedhat.comRH:CVE-2022-39250
HistoryOct 17, 2022 - 2:18 p.m.

CVE-2022-39250

2022-10-1714:18:56
redhat.com
access.redhat.com
18
mozilla
thunderbird
matrix chat
impersonation attack
cross-device verification
authentication

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

EPSS

0.001

Percentile

45.5%

A flaw was found in Mozilla. According to the Mozilla Foundation Security Advisory, Thunderbird users who use the Matrix chat protocol are vulnerable to an impersonation attack. A malicious server administrator could interfere with cross-device verification to authenticate their own device.

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

EPSS

0.001

Percentile

45.5%