Your submission was sent successfully! Close

CVE-2022-39264

Published: 28 September 2022

nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Users can upgrade to version 0.10.2 to protect against this issue. As a workaround, one may apply the patch manually, avoid doing verifications of one's own devices, and/or avoid pressing the request button in the settings menu.

Priority

Medium

CVSS 3 base score: 5.9

Status

Package Release Status
nheko
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

jammy Needs triage

kinetic Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Ignored
(out of standard support)