
3626 matches found

UbuntuCve
added 2022/09/29 3:15 p.m. | 27 views

CVE-2022-39254

matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a user requests a room key from their devices, the software correctly remembers the request. Once they receive a forwarded room key, they accept it without checking who the room ke...

CVSS 8.6 | AI score 6.9 | EPSS 0.00555
Exploits 0 | References 3

Prion
added 2022/09/29 3:15 p.m. | 15 views

Design/Logic Flaw

matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a user requests a room key from their devices, the software correctly remembers the request. Once they receive a forwarded room key, they accept it without checking who the room ke...

CVSS 4 | AI score 6.4 | EPSS 0.00555
Exploits 0 | References 2 | Affected Software 1

OSV
added 2022/09/29 3:15 p.m. | 3 views

UBUNTU-CVE-2022-39254

matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a user requests a room key from their devices, the software correctly remembers the request. Once they receive a forwarded room key, they accept it without checking who the room ke...

CVSS 8.6 | AI score 6.9 | EPSS 0.00555
Exploits 0 | References 4

OSV
added 2022/09/29 2:36 p.m. | 27 views

GHSA-HVV8-5V86-R45X Improper beacon events in matrix-js-sdk can result in availability issues

Impact Improperly formed beacon events from MSC3488 can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data...

CVSS 4.3 | AI score 6.3 | EPSS 0.00992
Exploits 0 | References 7

Github Security Blog
added 2022/09/29 2:36 p.m. | 32 views

Improper beacon events in matrix-js-sdk can result in availability issues

Impact Improperly formed beacon events from MSC3488 can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data...

CVSS 5.3 | AI score 6.8 | EPSS 0.00992
Exploits 0 | References 7 | Affected Software 1

CVE
added 2022/09/29 2:35 p.m. | 79 views

CVE-2022-39254

CVE-2022-39254 affects matrix-nio (Python Matrix client library). Before v0.20, when a user requests a room key from their devices, forwarded room keys could be accepted without verifying the origin, enabling a potential impersonation attack if a homeserver inserts a questionable key. The issue i...

CVSS 8.6 | AI score 6.9 | EPSS 0.00555
Exploits 0 | References 2 | Affected Software 1

OSV
added 2022/09/29 2:35 p.m. | 27 views

CVE-2022-39254 When matrix-nio receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder

matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a user requests a room key from their devices, the software correctly remembers the request. Once they receive a forwarded room key, they accept it without checking who the room ke...

CVSS 8.6 | AI score 7.3 | EPSS 0.00555
Exploits 0 | References 4

Cvelist
added 2022/09/29 2:35 p.m. | 34 views

CVE-2022-39254 When matrix-nio receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder

matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a user requests a room key from their devices, the software correctly remembers the request. Once they receive a forwarded room key, they accept it without checking who the room ke...

CVSS 8.6 | AI score 8.7 | EPSS 0.00555
Exploits 0 | References 2

Vulnrichment
added 2022/09/29 2:35 p.m. | 4 views

CVE-2022-39254 When matrix-nio receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder

matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a user requests a room key from their devices, the software correctly remembers the request. Once they receive a forwarded room key, they accept it without checking who the room ke...

CVSS 8.6 | AI score 8.5 | EPSS 0.00555
Exploits 0 | References 2

Debian CVE
added 2022/09/29 2:35 p.m. | 57 views

CVE-2022-39254

matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a user requests a room key from their devices, the software correctly remembers the request. Once they receive a forwarded room key, they accept it without checking who the room ke...

CVSS 8.6 | AI score 7.4 | EPSS 0.00555
Exploits 0

Vulnrichment
added 2022/09/29 2:15 p.m. | 6 views

CVE-2022-39252 When matrix-rust-sdk receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room...

CVSS 8.6 | AI score 8.5 | EPSS 0.00485
Exploits 0 | References 4

CVE
added 2022/09/29 2:15 p.m. | 73 views

CVE-2022-39252

CVE-2022-39252 affects matrix-rust-sdk (and matrix-sdk-crypto). Before 0.6, forwarded room keys could be accepted without verifying the origin device, enabling a homeserver to insert keys of questionable validity and potentially mount an impersonation attack. The issue is fixed in version 0.6. Re...

CVSS 8.6 | AI score 7.9 | EPSS 0.00485
Exploits 0 | References 4 | Affected Software 1

OSV
added 2022/09/29 2:15 p.m. | 25 views

CVE-2022-39252 When matrix-rust-sdk receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room...

CVSS 8.6 | AI score 7.3 | EPSS 0.00485
Exploits 0 | References 6

Cvelist
added 2022/09/29 2:15 p.m. | 30 views

CVE-2022-39252 When matrix-rust-sdk receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room...

CVSS 8.6 | AI score 8.7 | EPSS 0.00485
Exploits 0 | References 4

OSV
added 2022/09/29 1:15 p.m. | 1 views

DEBIAN-CVE-2022-39250

Matrix JavaScript SDK is the Matrix Client-Server software development kit SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one o...

CVSS 7.5 | AI score 7.4 | EPSS 0.00928
Exploits 0 | References 1

NVD
added 2022/09/29 1:15 p.m. | 13 views

CVE-2022-39250

Matrix JavaScript SDK is the Matrix Client-Server software development kit SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one o...

CVSS 8.6 | EPSS 0.00928
Exploits 0 | References 5

UbuntuCve
added 2022/09/29 1:15 p.m. | 38 views

CVE-2022-39250

Matrix JavaScript SDK is the Matrix Client-Server software development kit SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one o...

CVSS 8.6 | AI score 6.9 | EPSS 0.00928
Exploits 0 | References 6

OSV
added 2022/09/29 1:15 p.m. | 1 views

UBUNTU-CVE-2022-39250

Matrix JavaScript SDK is the Matrix Client-Server software development kit SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one o...

CVSS 8.6 | AI score 6.9 | EPSS 0.00928
Exploits 0 | References 7

vulnersOsv
added 2022/09/29 12:0 p.m. | 5 views

alerter (>=0.3.0 <=0.3.1), maruc (=0.1.0) +9 more potentially affected by CVE-2022-39252 via matrix-sdk-crypto (>=0.1.0 <=0.5.0)

matrix-sdk-crypto CARGO version =0.1.0, =0.3.0, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.1.10-alpha, =0.13.0, =0.13.1 Source cves: CVE-2022-39252 Source advisory: OSV:RUSTSEC-2022-0085...

CVSS 8.6 | AI score 7.1 | EPSS 0.00485
Exploits 0

Veracode
added 2022/09/29 7:18 a.m. | 24 views

Denial Of Service (DoS)

matrix-js-sdk is vulnerable to denial of service attacks. The vulnerability exists in the senderKey parameter in megolm.js due to improperly formed beacon events which allows an attacker to craft a malicious event and crash the system...

CVSS 5.3 | AI score 6.4 | EPSS 0.00992
Exploits 0 | References 5 | Affected Software 5