CVE-2022-1955

EUVD-2022-25223
Session 1.13.0 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.6 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
Common Weakness Enumeration
References
https://fluidattacks.com/advisories/tempest/
https://github.com/oxen-io/session-android
https://github.com/oxen-io/session-android/pull/897
https://fluidattacks.com/advisories/tempest/
https://github.com/oxen-io/session-android
https://github.com/oxen-io/session-android/pull/897