Matrix JavaScript SDK prior to 19.7.0 allows malicious homeserver to interfere with user verification flow, leading to trust of wrong user identity
Reporter | Title | Published | Views | Family All 78 |
---|---|---|---|---|
Veracode | Authentication Bypass | 30 Sep 202206:19 | β | veracode |
RedhatCVE | CVE-2022-39250 | 17 Oct 202214:18 | β | redhatcve |
Github Security Blog | matrix-js-sdk subject to user impersonation due to key/device identifier confusion in SAS verification | 30 Sep 202222:46 | β | github |
AlpineLinux | CVE-2022-39250 | 29 Sep 202213:15 | β | alpinelinux |
Prion | Cross site scripting | 29 Sep 202213:15 | β | prion |
OSV | matrix-js-sdk subject to user impersonation due to key/device identifier confusion in SAS verification | 30 Sep 202222:46 | β | osv |
OSV | CVE-2022-39250 | 29 Sep 202213:15 | β | osv |
OSV | MozillaThunderbird-102.3.1-1.1 on GA media | 15 Jun 202400:00 | β | osv |
OSV | element-desktop-1.11.8-1.1 on GA media | 15 Jun 202400:00 | β | osv |
OSV | element-web-1.11.8-1.1 on GA media | 15 Jun 202400:00 | β | osv |
[
{
"vendor": "matrix-org",
"product": "matrix-js-sdk",
"versions": [
{
"version": "< 19.7.0",
"status": "affected"
}
]
}
]
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo