Lucene search
K

5 matches found

Circl
Circl
added 2022/09/29 6:35 p.m.5 views

CVE-2022-39254

creationtimestamp| type| source ---|---|--- 2022-09-29 18:35:07+00:00| seen| https://t.me/cibsecurity/50733...

8.6CVSS7.1AI score0.00559EPSS
Exploits0References1
OSV
OSV
added 2022/09/29 2:35 p.m.31 views

CVE-2022-39254 When matrix-nio receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder

matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users requests a room key from their devices, the software correctly remember the request. Once they receive a forwarded room key, they accept it without checking who the room ke...

8.6CVSS7.3AI score0.00559EPSS
Exploits0References4
CVE
CVE
added 2022/09/29 2:35 p.m.81 views

CVE-2022-39254

CVE-2022-39254 affects matrix-nio (Python Matrix client library). Before v0.20, when a user requests a room key from their devices, forwarded room keys could be accepted without verifying the origin, enabling a potential impersonation attack if a homeserver inserts a questionable key. The issue i...

8.6CVSS6.9AI score0.00559EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/09/29 2:35 p.m.49 views

CVE-2022-39254 When matrix-nio receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder

matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users requests a room key from their devices, the software correctly remember the request. Once they receive a forwarded room key, they accept it without checking who the room ke...

8.6CVSS8.7AI score0.00559EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/09/29 2:35 p.m.5 views

CVE-2022-39254 When matrix-nio receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder

matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users requests a room key from their devices, the software correctly remember the request. Once they receive a forwarded room key, they accept it without checking who the room ke...

8.6CVSS8.5AI score0.00559EPSS
Exploits0References2
Rows per page
Query Builder