Home > Vulnerability Database > CVE-2022-41904

Mend.io Vulnerability Database

CVE-2022-41904

Good to know:

Date: November 10, 2022

Element iOS is an iOS Matrix client provided by Element. It is based on MatrixSDK. Prior to version 1.9.7, events encrypted using Megolm for which trust could not be established did not get decorated accordingly (with warning shields). Therefore a malicious homeserver could inject messages into the room without the user being alerted that the messages were not sent by a verified group member, even if the user has previously verified all group members. This issue has been patched in Element iOS 1.9.7. There are currently no known workarounds.

Language: Swift

Severity Score

6.4

Related Resources (4)

Url: https://github.com/vector-im/element-ios/security/advisories/GHSA-fm8m-99j7-323g

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-41904

Url: https://github.com/vector-im/element-ios/releases/tag/v1.9.7

Url: https://www.mend.io/vulnerability-database/CVE-2022-41904

Severity Score

6.4

Weakness Type (CWE)

Insufficient UI Warning of Dangerous Operations

CWE-357

Top Fix

Upgrade Version

Upgrade to version v1.9.7

Learn More

CVSS v3.1

Base Score:	6.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-41904

Good to know:

Date: November 10, 2022

Language: Swift

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?