How severe is CVE-2022-41904?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2022-41904?

This is classified as CWE-357, which is a common weakness in software security.

CVE-2022-41904 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

Element iOS is an iOS Matrix client provided by Element. It is based on MatrixSDK. Prior to version 1.9.7, events encrypted using Megolm for which trust could not be established did not get decorated accordingly (with warning shields). Therefore a malicious homeserver could inject messages into the room without the user being alerted that the messages were not sent by a verified group member, even if the user has previously verified all group members. This issue has been patched in Element iOS 1.9.7. There are currently no known workarounds.

Related Vulnerabilities

CVE-2024-30058

MEDIUM

CVSS:5.4(Medium)

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CWE-3572024

CVE-2024-43580

MEDIUM

CVSS:5.4(Medium)

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CWE-3572024

CVE-2024-21387

MEDIUM

CVSS:5.3(Medium)

Microsoft Edge for Android Spoofing Vulnerability

CWE-3572024

CVE-2019-13521

HIGH

CVSS:7.8(High)

A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information relate...

CWE-3572019

CVE-2021-22645

HIGH

CVSS:7.8(High)

Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to ...

CWE-3572021

CVE-2024-43505

HIGH

CVSS:7.8(High)

Microsoft Office Visio Remote Code Execution Vulnerability

CWE-3572024