2 matches found
Missing Authorization
matrix-js-sdk is vulnerable to Missing Authorization. The vulnerability exists because a user can join a MSC3401 group call without notifying other users, which allows an attacker to perform invisible eavesdropping in group calls...
CVE-2023-29529 matrix-js-sdk vulnerable to invisible eavesdropping in group calls
matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. An attacker present in a room where an MSC3401 group call is taking place can eavesdrop on the video and audio of participants using matrix-js-sdk, without their knowledge. To affected matrix-js-sdk users, the attacker...