Lucene search

[email protected]NVD:CVE-2022-29168

HistoryJun 25, 2022 - 7:15 a.m.

CVE-2022-29168

2022-06-2507:15:07

CWE-80

CWE-79

[email protected]

web.nvd.nist.gov

wire

messaging

arbitrary code

injection

html

javascript

vulnerable

fix

update

security issue

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

31.6%

JSON

Wire is a secure messaging application. Wire is vulnerable to arbitrary HTML and Javascript execution via insufficient escaping when rendering @mentions in the wire-webapp. If a user receives and views a malicious message, arbitrary code is injected and executed in the context of the victim allowing the attacker to fully control the user account. Wire-desktop clients that are connected to a vulnerable wire-webapp version are also vulnerable to this attack. The issue has been fixed in wire-webapp 2022-05-04-production.0 and is already deployed on all Wire managed services. On-premise instances of wire-webapp need to be updated to docker tag 2022-05-04-production.0-v0.29.7-0-a6f2ded or wire-server 2022-05-04 (chart/4.11.0) or later. No known workarounds exist.

Affected configurations

Nvd

Node

wirewire-webappMatch2016-07-29-17-00

wirewire-webappMatch2016-08-04-15-44

wirewire-webappMatch2016-08-23-09-31

wirewire-webappMatch2016-08-24-10-10

wirewire-webappMatch2016-08-29-14-54

wirewire-webappMatch2016-09-08-15-38

wirewire-webappMatch2016-09-19-14-01

wirewire-webappMatch2016-09-28-14-58

wirewire-webappMatch2016-10-11-15-34

wirewire-webappMatch2016-10-18-08-10

wirewire-webappMatch2016-10-25-08-17

wirewire-webappMatch2016-10-26-18-58

wirewire-webappMatch2016-11-03-16-09

wirewire-webappMatch2016-11-08-15-06

wirewire-webappMatch2016-12-01-12-57

wirewire-webappMatch2016-12-13-15-12

wirewire-webappMatch2017-01-23-12-12

wirewire-webappMatch2017-02-01-14-49

wirewire-webappMatch2017-02-17-10-10

wirewire-webappMatch2017-02-24-13-06

wirewire-webappMatch2017-03-08-17-32

wirewire-webappMatch2017-03-14-15-05

wirewire-webappMatch2017-03-21-11-00

wirewire-webappMatch2017-03-27-17-10

wirewire-webappMatch2017-03-28-14-23

wirewire-webappMatch2017-04-05-16-58

wirewire-webappMatch2017-04-07-09-42

wirewire-webappMatch2017-04-19-12-31

wirewire-webappMatch2017-04-20-15-54

wirewire-webappMatch2017-05-03-10-29

wirewire-webappMatch2017-05-19-16-10

wirewire-webappMatch2017-05-26-08-16

wirewire-webappMatch2017-05-26-12-03

wirewire-webappMatch2017-06-01-10-02

wirewire-webappMatch2017-06-07-15-03

wirewire-webappMatch2017-06-07-18-05

wirewire-webappMatch2017-06-22-12-18

wirewire-webappMatch2017-06-28-15-13

wirewire-webappMatch2017-07-06-12-44

wirewire-webappMatch2017-07-06-15-48

wirewire-webappMatch2017-07-18-12-50

wirewire-webappMatch2017-08-03-15-19

wirewire-webappMatch2017-08-04-09-04

wirewire-webappMatch2017-08-04-15-01

wirewire-webappMatch2017-08-08-15-09

wirewire-webappMatch2017-08-24-10-57

wirewire-webappMatch2017-08-31-14-21

wirewire-webappMatch2017-09-26-07-18

wirewire-webappMatch2017-09-26-13-00

wirewire-webappMatch2017-10-09-08-42

wirewire-webappMatch2017-10-19-10-45

wirewire-webappMatch2017-10-25-07-08

wirewire-webappMatch2017-11-07-08-50

wirewire-webappMatch2017-11-10-10-41

wirewire-webappMatch2017-12-04-10-23

wirewire-webappMatch2017-12-04-13-34

wirewire-webappMatch2017-12-07-11-13

wirewire-webappMatch2017-12-20-12-48

wirewire-webappMatch2018-01-24-18-11

wirewire-webappMatch2018-02-01-10-26

wirewire-webappMatch2018-02-16-07-54

wirewire-webappMatch2018-03-12-11-41

wirewire-webappMatch2018-04-06-07-28

wirewire-webappMatch2018-04-06-09-44

wirewire-webappMatch2018-04-09-10-16

wirewire-webappMatch2018-04-12-06-45

wirewire-webappMatch2018-04-12-11-12

wirewire-webappMatch2018-04-12-13-37

wirewire-webappMatch2018-04-24-14-58

wirewire-webappMatch2018-05-04-07-18

wirewire-webappMatch2018-05-24-15-49

wirewire-webappMatch2018-06-19-08-04

wirewire-webappMatch2018-07-03-08-25

wirewire-webappMatch2018-07-16-08-55

wirewire-webappMatch2018-07-16-14-05

wirewire-webappMatch2018-07-26-08-54

wirewire-webappMatch2018-08-06-08-03

wirewire-webappMatch2018-08-22-07-38

wirewire-webappMatch2018-08-31-06-54

wirewire-webappMatch2018-09-07-14-18

wirewire-webappMatch2018-09-28-11-46

wirewire-webappMatch2018-10-02-08-03

wirewire-webappMatch2018-10-15-08-14

wirewire-webappMatch2018-10-23-12-05

wirewire-webappMatch2018-11-05-11-21

wirewire-webappMatch2018-11-15-13-14

wirewire-webappMatch2018-11-30-11-03

wirewire-webappMatch2018-12-03-11-26

wirewire-webappMatch2018-12-04-14-24

wirewire-webappMatch2019-01-02-13-10

wirewire-webappMatch2019-01-08-13-20

wirewire-webappMatch2019-01-17-15-08

wirewire-webappMatch2019-02-11staging0

wirewire-webappMatch2019-02-11staging1

wirewire-webappMatch2019-02-11staging2

wirewire-webappMatch2019-02-13staging0

wirewire-webappMatch2019-02-18staging0

wirewire-webappMatch2019-02-18-11-26

wirewire-webappMatch2019-02-27staging0

wirewire-webappMatch2019-02-28staging0

wirewire-webappMatch2019-02-28staging1

wirewire-webappMatch2019-02-28-15-10

wirewire-webappMatch2019-02-28-15-11

wirewire-webappMatch2019-03-05staging0

wirewire-webappMatch2019-03-07staging0

wirewire-webappMatch2019-03-11staging0

wirewire-webappMatch2019-03-13staging0

wirewire-webappMatch2019-03-13staging1

wirewire-webappMatch2019-03-14-11-05

wirewire-webappMatch2019-03-18-12-58

wirewire-webappMatch2019-03-20staging0

wirewire-webappMatch2019-03-25staging0

wirewire-webappMatch2019-03-25staging1

wirewire-webappMatch2019-03-28staging0

wirewire-webappMatch2019-03-28staging1

wirewire-webappMatch2019-03-29-09-38

wirewire-webappMatch2019-04-08staging0

wirewire-webappMatch2019-04-10-10-55

wirewire-webappMatch2019-04-11staging0

wirewire-webappMatch2019-04-18staging0

wirewire-webappMatch2019-04-23staging1

wirewire-webappMatch2019-04-23-10-51

wirewire-webappMatch2019-04-25staging0

wirewire-webappMatch2019-04-29staging0

wirewire-webappMatch2019-05-09-09-36

wirewire-webappMatch2019-05-14staging0

wirewire-webappMatch2019-05-15staging0

wirewire-webappMatch2019-05-16

wirewire-webappMatch2019-05-16-09-26

wirewire-webappMatch2019-05-31staging0

wirewire-webappMatch2019-05-31-08-18

wirewire-webappMatch2019-06-04staging0

wirewire-webappMatch2019-06-06-12-31

wirewire-webappMatch2019-06-20staging0

wirewire-webappMatch2019-06-24staging0

wirewire-webappMatch2019-06-25staging0

wirewire-webappMatch2019-06-26staging0

wirewire-webappMatch2019-07-01staging0

wirewire-webappMatch2019-07-02-12-29

wirewire-webappMatch2019-07-11-13-18

wirewire-webappMatch2019-07-30staging0

wirewire-webappMatch2019-08-01staging0

wirewire-webappMatch2019-08-14staging0

wirewire-webappMatch2019-08-19staging0

wirewire-webappMatch2019-08-21production0

wirewire-webappMatch2019-08-22production0

wirewire-webappMatch2019-08-22staging0

wirewire-webappMatch2019-08-27staging0

wirewire-webappMatch2019-09-02production0

wirewire-webappMatch2019-09-05staging0

wirewire-webappMatch2019-09-09staging0

wirewire-webappMatch2019-09-12staging0

wirewire-webappMatch2019-09-13staging0

wirewire-webappMatch2019-09-17production0

wirewire-webappMatch2019-09-18staging0

wirewire-webappMatch2019-09-23staging0

wirewire-webappMatch2019-09-24production0

wirewire-webappMatch2019-10-07staging0

wirewire-webappMatch2019-10-07staging1

wirewire-webappMatch2019-10-08staging0

wirewire-webappMatch2019-10-10staging0

wirewire-webappMatch2019-10-10staging1

wirewire-webappMatch2019-10-14staging0

wirewire-webappMatch2019-10-16production0

wirewire-webappMatch2019-10-16production1

wirewire-webappMatch2019-10-16staging0

wirewire-webappMatch2019-10-16staging1

wirewire-webappMatch2019-10-21staging0

wirewire-webappMatch2019-10-25staging0

wirewire-webappMatch2019-10-29staging0

wirewire-webappMatch2019-10-31staging0

wirewire-webappMatch2019-11-01production0

wirewire-webappMatch2019-11-08staging0

wirewire-webappMatch2019-11-12staging0

wirewire-webappMatch2019-11-19staging0

wirewire-webappMatch2019-11-21production0

wirewire-webappMatch2019-11-21staging0

wirewire-webappMatch2019-11-25staging0

wirewire-webappMatch2019-11-26production0

wirewire-webappMatch2019-12-12staging0

wirewire-webappMatch2019-12-20staging0

wirewire-webappMatch2020-01-06production0

wirewire-webappMatch2020-01-09staging0

wirewire-webappMatch2020-01-13production0

wirewire-webappMatch2020-01-15staging0

wirewire-webappMatch2020-01-16staging0

wirewire-webappMatch2020-01-17staging0

wirewire-webappMatch2020-01-21staging0

wirewire-webappMatch2020-01-22production0

wirewire-webappMatch2020-02-06staging0

wirewire-webappMatch2020-02-11staging0

wirewire-webappMatch2020-02-11staging1

wirewire-webappMatch2020-02-14production0

wirewire-webappMatch2020-02-18staging0

wirewire-webappMatch2020-02-20staging0

wirewire-webappMatch2020-02-24staging0

wirewire-webappMatch2020-02-26staging0

wirewire-webappMatch2020-02-28staging0

wirewire-webappMatch2020-03-03production0

wirewire-webappMatch2020-03-03staging0

wirewire-webappMatch2020-03-06staging0

wirewire-webappMatch2020-03-12staging0

wirewire-webappMatch2020-03-18staging0

wirewire-webappMatch2020-03-20staging0

wirewire-webappMatch2020-03-23production0

wirewire-webappMatch2020-03-30staging0

wirewire-webappMatch2020-04-01staging0

wirewire-webappMatch2020-04-07production0

wirewire-webappMatch2020-04-09staging0

wirewire-webappMatch2020-04-16staging0

wirewire-webappMatch2020-04-21production0

wirewire-webappMatch2020-04-22staging0

wirewire-webappMatch2020-04-23staging0

wirewire-webappMatch2020-04-28staging0

wirewire-webappMatch2020-04-29production0

wirewire-webappMatch2020-05-04staging0

wirewire-webappMatch2020-05-06staging0

wirewire-webappMatch2020-05-07production0

wirewire-webappMatch2020-05-07staging0

wirewire-webappMatch2020-05-13staging0

wirewire-webappMatch2020-05-14staging0

wirewire-webappMatch2020-05-15staging0

wirewire-webappMatch2020-05-18staging0

wirewire-webappMatch2020-05-19staging0

wirewire-webappMatch2020-05-20production0

wirewire-webappMatch2020-05-22staging0

wirewire-webappMatch2020-05-26staging0

wirewire-webappMatch2020-05-27staging0

wirewire-webappMatch2020-05-28staging0

wirewire-webappMatch2020-05-29staging0

wirewire-webappMatch2020-06-02production0

wirewire-webappMatch2020-06-05staging0

wirewire-webappMatch2020-06-08staging0

wirewire-webappMatch2020-06-10staging0

wirewire-webappMatch2020-06-12staging0

wirewire-webappMatch2020-06-15production0

wirewire-webappMatch2020-06-15staging0

wirewire-webappMatch2020-06-19staging0

wirewire-webappMatch2020-06-24production0

wirewire-webappMatch2020-06-29staging0

wirewire-webappMatch2020-07-07staging0

wirewire-webappMatch2020-07-07staging1

wirewire-webappMatch2020-07-13staging0

wirewire-webappMatch2020-07-16staging0

wirewire-webappMatch2020-07-24production0

wirewire-webappMatch2020-07-24staging0

wirewire-webappMatch2020-07-24staging1

wirewire-webappMatch2020-08-06staging0

wirewire-webappMatch2020-08-12staging0

wirewire-webappMatch2020-08-12staging1

wirewire-webappMatch2020-08-14staging0

wirewire-webappMatch2020-08-18staging0

wirewire-webappMatch2020-08-19staging0

wirewire-webappMatch2020-08-21staging0

wirewire-webappMatch2020-08-25staging0

wirewire-webappMatch2020-08-26production0

wirewire-webappMatch2020-09-02staging0

wirewire-webappMatch2020-09-03staging0

wirewire-webappMatch2020-09-04staging0

wirewire-webappMatch2020-09-08staging0

wirewire-webappMatch2020-09-11production0

wirewire-webappMatch2020-09-17staging0

wirewire-webappMatch2020-09-18staging0

wirewire-webappMatch2020-09-21production0

wirewire-webappMatch2020-09-28staging0

wirewire-webappMatch2020-09-29production0

wirewire-webappMatch2020-10-01staging0

wirewire-webappMatch2020-10-06staging0

wirewire-webappMatch2020-10-07production0

wirewire-webappMatch2020-10-07staging0

wirewire-webappMatch2020-10-08production0

wirewire-webappMatch2020-10-14staging0

wirewire-webappMatch2020-10-15staging0

wirewire-webappMatch2020-10-21staging0

wirewire-webappMatch2020-10-21staging1

wirewire-webappMatch2020-10-26staging0

wirewire-webappMatch2020-10-27staging0

wirewire-webappMatch2020-10-28production0

wirewire-webappMatch2020-11-09production0

wirewire-webappMatch2020-11-30production0

wirewire-webappMatch2020-11-30staging0

wirewire-webappMatch2020-12-10staging0

wirewire-webappMatch2020-12-14production0

wirewire-webappMatch2021-01-18production0

wirewire-webappMatch2021-01-18staging1

wirewire-webappMatch2021-01-27staging0

wirewire-webappMatch2021-02-02production0

wirewire-webappMatch2021-02-03staging0

wirewire-webappMatch2021-02-04staging0

wirewire-webappMatch2021-02-15staging0

wirewire-webappMatch2021-02-17production0

wirewire-webappMatch2021-02-18staging0

wirewire-webappMatch2021-02-22staging1

wirewire-webappMatch2021-02-26staging0

wirewire-webappMatch2021-03-04production0

wirewire-webappMatch2021-03-05staging0

wirewire-webappMatch2021-03-10staging0

wirewire-webappMatch2021-03-15production0

wirewire-webappMatch2021-03-18staging0

wirewire-webappMatch2021-03-24staging0

wirewire-webappMatch2021-03-25staging0

wirewire-webappMatch2021-04-01production0

wirewire-webappMatch2021-04-06staging0

wirewire-webappMatch2021-04-15staging0

wirewire-webappMatch2021-04-26staging0

wirewire-webappMatch2021-04-28staging0

wirewire-webappMatch2021-05-06staging0

wirewire-webappMatch2021-05-10production0

wirewire-webappMatch2021-05-27staging0

wirewire-webappMatch2021-06-01production0

wirewire-webappMatch2021-06-17staging0

wirewire-webappMatch2021-07-09staging0

wirewire-webappMatch2021-07-26staging0

wirewire-webappMatch2021-07-27staging0

wirewire-webappMatch2021-08-03staging0

wirewire-webappMatch2021-08-04staging0

wirewire-webappMatch2021-08-09staging0

wirewire-webappMatch2021-08-17staging0

wirewire-webappMatch2021-08-25staging0

wirewire-webappMatch2021-08-25staging1

wirewire-webappMatch2021-08-27staging0

wirewire-webappMatch2021-08-30production0

wirewire-webappMatch2021-08-30staging0

wirewire-webappMatch2021-09-03staging0

wirewire-webappMatch2021-09-06staging0

wirewire-webappMatch2021-09-06staging1

wirewire-webappMatch2021-09-06staging2

wirewire-webappMatch2021-09-06staging3

wirewire-webappMatch2021-09-08staging0

wirewire-webappMatch2021-09-09staging0

wirewire-webappMatch2021-09-10staging0

wirewire-webappMatch2021-09-13production0

wirewire-webappMatch2021-09-13staging0

wirewire-webappMatch2021-09-20staging0

wirewire-webappMatch2021-09-22staging0

wirewire-webappMatch2021-09-27production0

wirewire-webappMatch2021-09-29staging0

wirewire-webappMatch2021-09-30staging0

wirewire-webappMatch2021-10-02staging0

wirewire-webappMatch2021-10-04production0

wirewire-webappMatch2021-10-13staging0

wirewire-webappMatch2021-10-20staging0

wirewire-webappMatch2021-10-27staging0

wirewire-webappMatch2021-11-01production0

wirewire-webappMatch2021-11-25staging0

wirewire-webappMatch2021-12-01production0

wirewire-webappMatch2021-12-01staging0

wirewire-webappMatch2021-12-02production0

wirewire-webappMatch2022-01-18staging0

wirewire-webappMatch2022-01-19staging0

wirewire-webappMatch2022-01-20staging0

wirewire-webappMatch2022-01-27production0

wirewire-webappMatch2022-02-02staging0

wirewire-webappMatch2022-02-03staging0

wirewire-webappMatch2022-02-07production0

wirewire-webappMatch2022-02-08production0

wirewire-webappMatch2022-02-15production0

wirewire-webappMatch2022-02-17staging0

wirewire-webappMatch2022-02-22production0

wirewire-webappMatch2022-03-23staging0

wirewire-webappMatch2022-03-28staging0

wirewire-webappMatch2022-03-29staging0

wirewire-webappMatch2022-03-30production0

wirewire-webappMatch2022-03-31staging0

wirewire-webappMatch2022-04-13staging0

wirewire-webappMatch2022-04-19staging0

wirewire-webappMatch2022-04-21production0

VendorProductVersionCPE
wirewire-webapp2016-07-29-17-00cpe:2.3:a:wire:wire-webapp:2016-07-29-17-00:*:*:*:*:*:*:*
wirewire-webapp2016-08-04-15-44cpe:2.3:a:wire:wire-webapp:2016-08-04-15-44:*:*:*:*:*:*:*
wirewire-webapp2016-08-23-09-31cpe:2.3:a:wire:wire-webapp:2016-08-23-09-31:*:*:*:*:*:*:*
wirewire-webapp2016-08-24-10-10cpe:2.3:a:wire:wire-webapp:2016-08-24-10-10:*:*:*:*:*:*:*
wirewire-webapp2016-08-29-14-54cpe:2.3:a:wire:wire-webapp:2016-08-29-14-54:*:*:*:*:*:*:*
wirewire-webapp2016-09-08-15-38cpe:2.3:a:wire:wire-webapp:2016-09-08-15-38:*:*:*:*:*:*:*
wirewire-webapp2016-09-19-14-01cpe:2.3:a:wire:wire-webapp:2016-09-19-14-01:*:*:*:*:*:*:*
wirewire-webapp2016-09-28-14-58cpe:2.3:a:wire:wire-webapp:2016-09-28-14-58:*:*:*:*:*:*:*
wirewire-webapp2016-10-11-15-34cpe:2.3:a:wire:wire-webapp:2016-10-11-15-34:*:*:*:*:*:*:*
wirewire-webapp2016-10-18-08-10cpe:2.3:a:wire:wire-webapp:2016-10-18-08-10:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wire	wire-webapp	2016-07-29-17-00	cpe:2.3:a:wire:wire-webapp:2016-07-29-17-00:::::::*
wire	wire-webapp	2016-08-04-15-44	cpe:2.3:a:wire:wire-webapp:2016-08-04-15-44:::::::*
wire	wire-webapp	2016-08-23-09-31	cpe:2.3:a:wire:wire-webapp:2016-08-23-09-31:::::::*
wire	wire-webapp	2016-08-24-10-10	cpe:2.3:a:wire:wire-webapp:2016-08-24-10-10:::::::*
wire	wire-webapp	2016-08-29-14-54	cpe:2.3:a:wire:wire-webapp:2016-08-29-14-54:::::::*
wire	wire-webapp	2016-09-08-15-38	cpe:2.3:a:wire:wire-webapp:2016-09-08-15-38:::::::*
wire	wire-webapp	2016-09-19-14-01	cpe:2.3:a:wire:wire-webapp:2016-09-19-14-01:::::::*
wire	wire-webapp	2016-09-28-14-58	cpe:2.3:a:wire:wire-webapp:2016-09-28-14-58:::::::*
wire	wire-webapp	2016-10-11-15-34	cpe:2.3:a:wire:wire-webapp:2016-10-11-15-34:::::::*
wire	wire-webapp	2016-10-18-08-10	cpe:2.3:a:wire:wire-webapp:2016-10-18-08-10:::::::*

Rows per page:

1-10 of 3671

References

github.com/wireapp/wire-webapp/security/advisories/GHSA-jgv3-4j56-fvh6

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

31.6%

JSON

Related for NVD:CVE-2022-29168

cnvd1 cve1 prion1 cvelist1 osv1