EUVD-2022-6668

Malicious code in bioql PyPI...

Authentication Bypass

Matrix Android SDK 2 is vulnerable to authentication bypass. The vulnerability exists in onRoomKeyEvent function of DefaultCryptoService.kt due to lack of entity authentication for key forwarding strategy which allows an attacker to cooperate with a malicious home server...

Cross-site Scripting (XSS)

Matrix Android SDK 2 is vulnerable to cross-site scripting.The vulnerability exists in multiple functions in MXMegolmDecryption.kt due to a protocol confusion in order to send fake to-device messages which allows an attacker to inject the key backup secret during a self-verification...

CVE-2022-39248

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker...

CVE-2022-39246

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others...

CVE-2022-39248

Summary (Mode C): CVE-2022-39248 affects matrix-android-sdk2 prior to 1.5.1. A protocol confusion vulnerability permits an attacker cooperating with a malicious homeserver to craft to-device messages that appear to originate from another user, bypassing indicators like a grey shield. In a targete...

CVE-2022-39248 matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker...

CVE-2022-39246

matrix-android-sdk2 (Android Matrix SDK) before version 1.5.1 is vulnerable: an attacker collaborating with a malicious homeserver can craft messages that appear from another user due to an overly permissive key-forwarding policy. Starting with 1.5.1, the default key-forwarding policy is stricter...

CVE-2022-39246 matrix-android-sdk2 vulnerable to impersonation via forwarded Megolm sessions

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others...

PT-2022-24839 · Unknown · Matrix-Android-Sdk2

Name of the Vulnerable Software and Affected Versions: matrix-android-sdk2 versions prior to 1.5.1 Description: An attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms,...

PT-2022-24840 · Unknown · Matrix-Android-Sdk

Name of the Vulnerable Software and Affected Versions: matrix-android-sdk2 versions prior to 1.5.1 Description: An attacker cooperating with a malicious homeserver can construct messages that appear to have come from another person without any indication. This vulnerability can be used to perform...

Matrix clients -- several vulnerabilities

Matrix developers report: Two critical severity vulnerabilities in end-to-end encryption were found in the SDKs which power Element, Beeper, Cinny, SchildiChat, Circuli, Synod.im and any other clients based on matrix-js-sdk, matrix-ios-sdk or matrix-android-sdk2...

CVE-2021-40824

A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 aka Matrix SDK for Android before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were...

CVE-2021-40824

A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 aka Matrix SDK for Android before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were...

CVE-2021-40824

A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 aka Matrix SDK for Android before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were...

CVE-2021-40824

The CVE-2021-40824 issue affects Element Android prior to 1.2.2 and matrix-android-sdk2 (Matrix SDK for Android). A logic error in the room key sharing functionality allows a malicious Matrix homeserver in an encrypted room to steal room encryption keys via crafted Matrix protocol messages, enabl...

Element Android 加密问题漏洞

Element Android is the Android Matrix client provided by Element. A cryptographic issue vulnerability exists in Element Android prior to version 1.2.2 and matrix-android-sdk2 prior to version 1.2.2, which stems from a logic error in the device's room key sharing functionality that results in...