What is CVE-2022-23605?

CVE-2022-23605 is a medium-severity vulnerability in Wireapp Wire-webapp, classified under Improper Removal of Sensitive Information Before Storage or Transfer. CVSS score: 4.4/10. Published 2022-02-04.

How severe is CVE-2022-23605?

Medium severity. CVSS v3 base score is 4.4 out of 10.

Vulnerability in Wireapp Wire-webapp

CVE-2022-23605

Wire webapp is a web client for the wire messaging protocol. In versions prior to 2022-01-27-production.0 expired ephemeral messages were not reliably removed from local chat history of Wire Webapp. In versions before 2022-01-27-production…

EPSS: 0.001 (20.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.4 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N.

Affected products

Wireapp Wire-webapp — versions < 2022-01-27-production.0

Weakness classification (CWE)

CWE-212 — Improper Removal of Sensitive Information Before Storage or Transfer

References

github.com/wireapp/wire-webapp/security/advisories/GHSA-2w3m-ppfg-hg62 (x_refsource_CONFIRM)
github.com/wireapp/wire-webapp/commit/42c9a1edddbdd5d4d8f9a196a98f6fc19bb21741 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-23605?: CVE-2022-23605 is a medium-severity vulnerability in Wireapp Wire-webapp, classified under Improper Removal of Sensitive Information Before Storage or Transfer. CVSS score: 4.4/10. Published 2022-02-04.
How severe is CVE-2022-23605?: Medium severity. CVSS v3 base score is 4.4 out of 10.