CVE-2022-1955

Session 1.13.0 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.6 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Fluid AttacksCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
Common Weakness Enumeration
References
https://fluidattacks.com/advisories/tempest/
https://github.com/oxen-io/session-android
https://github.com/oxen-io/session-android/pull/897
https://fluidattacks.com/advisories/tempest/
https://github.com/oxen-io/session-android
https://github.com/oxen-io/session-android/pull/897