Vulnerability Details CVE-2022-28218
An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4. A local attacker could access secret keys (found in a Roundcube configuration file) that are used to protect Webmail user passwords and two-factor authentication (2FA).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 19.8%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 2.1
References
- https://ciphermail.com
- https://lists.ciphermail.com/hyperkitty/list/security%40lists.ciphermail.com/thread/WRWHQUACXWXQA42KXXQQ6EEP6SBBM5BM/
- https://www.ciphermail.com/webmail-release-notes.html
- https://ciphermail.com
- https://lists.ciphermail.com/hyperkitty/list/security%40lists.ciphermail.com/thread/WRWHQUACXWXQA42KXXQQ6EEP6SBBM5BM/
- https://www.ciphermail.com/webmail-release-notes.html
Products affected by CVE-2022-28218
-
cpe:2.3:a:ciphermail:webmail_messenger:1.1.1
-
cpe:2.3:a:ciphermail:webmail_messenger:3.1.1-0
-
cpe:2.3:a:ciphermail:webmail_messenger:3.2.0-0
-
cpe:2.3:a:ciphermail:webmail_messenger:3.3.1
-
cpe:2.3:a:ciphermail:webmail_messenger:3.4.0
-
cpe:2.3:a:ciphermail:webmail_messenger:4.0.0
-
cpe:2.3:a:ciphermail:webmail_messenger:4.0.1
-
cpe:2.3:a:ciphermail:webmail_messenger:4.0.2
-
cpe:2.3:a:ciphermail:webmail_messenger:4.1.0
-
cpe:2.3:a:ciphermail:webmail_messenger:4.1.2
-
cpe:2.3:a:ciphermail:webmail_messenger:4.1.3
-
cpe:2.3:a:ciphermail:webmail_messenger:4.1.4
-
cpe:2.3:a:ciphermail:webmail_messenger:4.2.0