Lucene search

GoogleOSV:GHSA-F83W-WQHC-CFP4

HistoryAug 06, 2024 - 2:12 p.m.

Matrix SDK for React's URL preview setting for a room is controllable by the homeserver

2024-08-0614:12:45

Google

osv.dev

matrix sdk

react

url preview

controllable

homeserver

malicious

account data

client

end-to-end encrypted

messages

server

cvss score 4.1

high severity

issue

patch

matrix-react-sdk 3.105.0

deployments

federations

trusted servers

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

EPSS

0.001

Percentile

18.8%

JSON

Impact

A malicious homeserver could manipulate a user’s account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the server.

Even if the CVSS score would be 4.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N) the maintainer classifies this as High severity issue.

Patches

This was patched in matrix-react-sdk 3.105.1.

Workarounds

Deployments that trust their homeservers, as well as closed federations of trusted servers, are not affected.

References

N/A.

References

github.com/matrix-org/matrix-react-sdk

github.com/matrix-org/matrix-react-sdk/releases/tag/v3.105.1

github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-f83w-wqhc-cfp4

nvd.nist.gov/vuln/detail/CVE-2024-42347

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

EPSS

0.001

Percentile

18.8%

JSON

Related for OSV:GHSA-F83W-WQHC-CFP4