What is CVE-2022-41904?

CVE-2022-41904 is a medium-severity vulnerability in Vector-im Element-ios, classified under CWE-357. CVSS score: 6.4/10. Published 2022-11-11.

How severe is CVE-2022-41904?

Medium severity. CVSS v3 base score is 6.4 out of 10.

Vulnerability in Vector-im Element-ios

CVE-2022-41904

Element iOS is an iOS Matrix client provided by Element. It is based on MatrixSDK. Prior to version 1.9.7, events encrypted using Megolm for which trust could not be established did not get decorated accordingly (with warning shields). The…

EPSS: 0.002 (43.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.4 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N.

Affected products

Vector-im Element-ios — versions < 1.9.7

Weakness classification (CWE)

CWE-357

References

github.com/vector-im/element-ios/security/advisories/GHSA-fm8m-99j7-323g
github.com/vector-im/element-ios/releases/tag/v1.9.7

Frequently asked questions

What is CVE-2022-41904?: CVE-2022-41904 is a medium-severity vulnerability in Vector-im Element-ios, classified under CWE-357. CVSS score: 6.4/10. Published 2022-11-11.
How severe is CVE-2022-41904?: Medium severity. CVSS v3 base score is 6.4 out of 10.