Vulnerability Description
An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4. A local attacker could access secret keys (found in a Roundcube configuration file) that are used to protect Webmail user passwords and two-factor authentication (2FA).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ciphermail | Webmail Messenger | >= 1.1.1, < 4.2.1 |
Related Weaknesses (CWE)
References
- https://ciphermail.comVendor Advisory
- https://lists.ciphermail.com/hyperkitty/list/security%40lists.ciphermail.com/thr
- https://www.ciphermail.com/webmail-release-notes.htmlRelease NotesVendor Advisory
- https://ciphermail.comVendor Advisory
- https://lists.ciphermail.com/hyperkitty/list/security%40lists.ciphermail.com/thr
- https://www.ciphermail.com/webmail-release-notes.htmlRelease NotesVendor Advisory
FAQ
What is CVE-2022-28218?
CVE-2022-28218 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4. A local attacker could access secret keys (found in a Roundcube configuration file) that are used to protect Webmail user p...
How severe is CVE-2022-28218?
CVE-2022-28218 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-28218?
Check the references section above for vendor advisories and patch information. Affected products include: Ciphermail Webmail Messenger.