Lucene search
K

3625 matches found

Veracode
Veracode
added 2022/09/29 6:54 a.m.17 views

Cross-site Scripting (XSS)

Matrix Android SDK 2 is vulnerable to cross-site scripting.The vulnerability exists in multiple functions in MXMegolmDecryption.kt due to a protocol confusion in order to send fake to-device messages which allows an attacker to inject the key backup secret during a self-verification...

8.6CVSS7.1AI score0.0072EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2022/09/29 12:0 a.m.3 views

CVE-2022-39250 Matrix JavaScript SDK vulnerable to key/device identifier confusion in SAS verification

Matrix JavaScript SDK is the Matrix Client-Server software development kit SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one o...

8.6CVSS8.5AI score0.00928EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/09/29 12:0 a.m.4 views

PT-2022-24846 · Unknown · Matrix-Nio

Name of the Vulnerable Software and Affected Versions: matrix-nio versions prior to 0.20 Description: The issue arises when a user requests a room key from their devices. The software remembers the request but fails to check the origin of the forwarded room key, allowing homeservers to potentiall...

8.6CVSS7.1AI score0.00555EPSS
Exploits0References12
Debian CVE
Debian CVE
added 2022/09/29 12:0 a.m.25 views

CVE-2022-39250

Matrix JavaScript SDK is the Matrix Client-Server software development kit SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one o...

8.6CVSS8.2AI score0.00928EPSS
Exploits0
CNNVD
CNNVD
added 2022/09/29 12:0 a.m.2 views

Matrix 安全漏洞

Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. A security vulnerability in Matrix matrix-nio prior to version 0.19 stems from a vulnerability that allows a malicious home server to insert a room key of questionable validity into the keystore under certain...

8.6CVSS7AI score0.00555EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/09/29 12:0 a.m.4 views

Matrix 安全漏洞

Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. A security vulnerability in Matrix matrix-sdk-crypto prior to version 0.5 stems from a vulnerability that allows a malicious home server to insert a room key of questionable validity into the keystore under certai...

8.6CVSS7.3AI score0.00485EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/09/29 12:0 a.m.3 views

Matrix 授权问题漏洞

Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. A security vulnerability exists in the Matrix JavaScript SDK prior to version 19.7.0, which arises from checking and signing a user's identity and device in two separate steps and not adequately fixing the key to ...

8.6CVSS7.9AI score0.00928EPSS
Exploits0References12
Cvelist
Cvelist
added 2022/09/29 12:0 a.m.18 views

CVE-2022-39250 Matrix JavaScript SDK vulnerable to key/device identifier confusion in SAS verification

Matrix JavaScript SDK is the Matrix Client-Server software development kit SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one o...

8.6CVSS8.3AI score0.00928EPSS
Exploits0References5
NCSC
NCSC
added 2022/09/29 12:0 a.m.6 views

Vulnerabilities fixed in Matrix SDKs

Matrix has fixed vulnerabilities in the following SDKs; matrix-js-sdk, matrix-ios-sdk and matrix-android-sdk2. These SDKs are used in a number of Matrix-based clients including the popular Element. The vulnerabilities allow a malicious able to perform attacks that result in the following categori...

8.6CVSS7AI score0.00992EPSS
Exploits0
OSV
OSV
added 2022/09/29 12:0 a.m.19 views

CVE-2022-39250 Matrix JavaScript SDK vulnerable to key/device identifier confusion in SAS verification

Matrix JavaScript SDK is the Matrix Client-Server software development kit SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one o...

8.6CVSS8.2AI score0.00928EPSS
Exploits0References7
CVE
CVE
added 2022/09/29 12:0 a.m.144 views

CVE-2022-39250

CVE-2022-39250 corresponds to a vulnerability in the Matrix JavaScript SDK (matrix-js-sdk) prior to version 19.7.0. The issue arises from checking and signing user identities and devices in two separate steps, and not consistently fixing the signing key between steps, enabling a malicious homeser...

8.6CVSS8AI score0.00928EPSS
Exploits0References5Affected Software1
AlpineLinux
AlpineLinux
added 2022/09/29 12:0 a.m.59 views

CVE-2022-39250

Matrix JavaScript SDK is the Matrix Client-Server software development kit SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one o...

8.6CVSS8.2AI score0.00928EPSS
Exploits0
Prion
Prion
added 2022/09/28 10:15 p.m.21 views

Cross site request forgery (csrf)

nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Users can upgrade to version 0.10.2 to protect against this issue. As a workaround, one may apply th...

2.6CVSS5.5AI score0.00624EPSS
Exploits0References5Affected Software2
UbuntuCve
UbuntuCve
added 2022/09/28 10:15 p.m.39 views

CVE-2022-39264

nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Users can upgrade to version 0.10.2 to protect against this issue. As a workaround, one may apply th...

8.6CVSS6.8AI score0.00624EPSS
Exploits0References4
NVD
NVD
added 2022/09/28 9:15 p.m.20 views

CVE-2022-39257

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this m...

7.5CVSS0.0072EPSS
Exploits0References4
NVD
NVD
added 2022/09/28 9:15 p.m.33 views

CVE-2022-39255

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

8.6CVSS0.0072EPSS
Exploits0References4
Prion
Prion
added 2022/09/28 9:15 p.m.16 views

Design/Logic Flaw

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this m...

5CVSS7.2AI score0.0072EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2022/09/28 9:15 p.m.24 views

Type confusion

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

5CVSS7.2AI score0.0072EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2022/09/28 8:55 p.m.68 views

CVE-2022-39257

The CVE concerns Matrix iOS SDK prior to 0.23.19, where a too-permissive key forwarding policy allows an attacker coordinating with a malicious homeserver to create messages that appear to come from another user. The SDK now enforces stricter forwarding: forwarded keys are accepted only in respon...

7.5CVSS7.2AI score0.0072EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2022/09/28 8:55 p.m.25 views

CVE-2022-39257 Matrix iOS SDK vulnerable to impersonation via forwarded Megolm sessions

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this m...

7.5CVSS7.4AI score0.0072EPSS
Exploits0References4
Rows per page
Query Builder