5 matches found
CVE-2022-39254
creationtimestamp| type| source ---|---|--- 2022-09-29 18:35:07+00:00| seen| https://t.me/cibsecurity/50733...
CVE-2022-39254 When matrix-nio receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder
matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users requests a room key from their devices, the software correctly remember the request. Once they receive a forwarded room key, they accept it without checking who the room ke...
CVE-2022-39254
CVE-2022-39254 affects matrix-nio (Python Matrix client library). Before v0.20, when a user requests a room key from their devices, forwarded room keys could be accepted without verifying the origin, enabling a potential impersonation attack if a homeserver inserts a questionable key. The issue i...
CVE-2022-39254 When matrix-nio receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder
matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users requests a room key from their devices, the software correctly remember the request. Once they receive a forwarded room key, they accept it without checking who the room ke...
CVE-2022-39254 When matrix-nio receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder
matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users requests a room key from their devices, the software correctly remember the request. Once they receive a forwarded room key, they accept it without checking who the room ke...