{"id":"CVE-2022-32969","details":"MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in order to support the Restore Session feature, aka the Demonic issue.","modified":"2026-04-10T05:49:31.498871Z","published":"2022-06-29T15:15:07.907Z","references":[{"type":"ADVISORY","url":"https://halborn.com/disclosures/demonic-vulnerability/"},{"type":"ADVISORY","url":"https://halborn.com/halborn-discovers-critical-vulnerability-affecting-crypto-wallet-browser-extensions/"},{"type":"FIX","url":"https://github.com/MetaMask/metamask-extension/compare/v10.11.2...v10.11.3"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/metamask/metamask-extension","events":[{"introduced":"0"},{"fixed":"a87c84e95246d4b1b11193372308b1bfb26ea5c2"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"10.11.3"}]}}],"versions":["1.3.2","2.10.0","2.10.1","2.10.2","2.11.0","2.11.1","2.13.2","2.13.3","2.13.6","2.6.2","Version-3.6.0","Version2.7.2","v1.3.2","v10.0.0","v10.0.1","v10.0.2","v10.0.3","v10.1.0","v10.1.1","v10.10.0","v10.10.1","v10.10.2","v10.11.0","v10.11.1","v10.11.2","v10.2.0","v10.2.2","v10.3.0","v10.4.0","v10.4.1","v10.5.0","v10.5.1","v10.5.2","v10.6.0","v10.6.1","v10.6.2","v10.6.3","v10.6.4","v10.7.0","v10.7.1","v10.8.0","v10.8.1","v10.8.2","v10.9.0","v10.9.1","v10.9.2","v10.9.3","v2.10.0","v2.10.1","v2.10.2","v2.11.0","v2.11.1","v2.13.2","v2.13.3","v2.13.6","v2.6.2","v2.7.2","v3.1.0","v3.1.1","v3.1.2","v3.10.2","v3.10.3","v3.10.5","v3.12.1","v3.13.0","v3.13.1","v3.6.0","v3.6.1","v3.7.7","v3.8.5","v3.9.10","v3.9.3","v3.9.4","v3.9.5","v3.9.6","v4.1.0","v4.1.1","v4.1.2","v4.10.0","v4.2.0","v4.3.0","v4.4.0","v4.5.0","v4.5.3","v4.6.1","v4.8.0","v4.9.0","v4.9.1","v4.9.2","v5","v5.0.4","v5.1.0","v5.2.1","v5.3.5","v6.0.1","v6.2.0","v6.2.2","v6.3.0","v6.3.1","v7.0.0","v7.2.0","v7.2.1","v7.2.2","v7.2.3","v7.3.0","v7.3.1","v7.4.0","v7.5.0","v7.5.1","v7.5.2","v7.5.3","v7.6.0","v7.6.1","v7.7.0","v7.7.1","v7.7.2","v7.7.3","v7.7.4","v7.7.5","v7.7.6","v7.7.7","v7.7.8","v7.7.9","v8.0.0","v8.0.1","v8.0.10","v8.0.2","v8.0.3","v8.0.4","v8.0.5","v8.0.6","v8.0.7","v8.0.8","v8.0.9","v8.1.0","v8.1.1","v8.1.10","v8.1.11","v8.1.2","v8.1.3","v8.1.4","v8.1.5","v8.1.6","v8.1.7","v8.1.8","v8.1.9","v9.0.0","v9.0.1","v9.0.2","v9.0.3","v9.0.4","v9.0.5","v9.1.0","v9.1.1","v9.2.0","v9.2.1","v9.3.0","v9.4.0","v9.5.0","v9.5.1","v9.5.2","v9.5.3","v9.5.4","v9.5.5","v9.5.6","v9.5.7","v9.5.8","v9.5.9","v9.6.0","v9.6.1","v9.7.0","v9.7.1","v9.8.0","v9.8.1","v9.8.2","v9.8.3","v9.8.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-32969.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}