CVE-2022-39264 — HIGH (8.6)

Q: How severe is CVE-2022-39264?

CVE-2022-39264 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-39264?

Check the references section above for vendor advisories and patch information. Affected products include: Nheko-Reborn Nheko, Fedoraproject Fedora.

Vulnerability Description

nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Users can upgrade to version 0.10.2 to protect against this issue. As a workaround, one may apply the patch manually, avoid doing verifications of one's own devices, and/or avoid pressing the request button in the settings menu.

CVSS Score

8.6

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Nheko-Reborn	Nheko	< 0.10.2
Fedoraproject	Fedora	36

Related Weaknesses (CWE)

CWE-295 CWE-287

References

FAQ

What is CVE-2022-39264?

CVE-2022-39264 is a vulnerability with a CVSS score of 8.6 (HIGH). nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Use...

How severe is CVE-2022-39264?

CVE-2022-39264 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-39264?

Check the references section above for vendor advisories and patch information. Affected products include: Nheko-Reborn Nheko, Fedoraproject Fedora.