CVE-2022-28218

An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4. A local attacker could access secret keys (found in a Roundcube configuration file) that are used to protect Webmail user passwords and two-factor authentication (2FA).

Published: Apr 26, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-28218
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-276

Affected Software
References

Software	From	Fixed in
ciphermail / webmail_messenger	1.1.1	4.2.1

https://ciphermail.com
https://lists.ciphermail.com/hyperkitty/list/[email protected]/thread/WRWHQUACXWXQA42KXXQQ6EEP6SBBM5BM/
https://lists.ciphermail.com/hyperkitty/list/security%40lists.ciphermail.com/thread/WRWHQUACXWXQA42KXXQQ6EEP6SBBM5BM/
https://www.ciphermail.com/webmail-release-notes.html

Vulnerability Database

289,697

CVE-2022-28218