Lucene search
+L

55 matches found

CVE
CVE
added 2022/09/29 2:35 p.m.82 views

CVE-2022-39254

CVE-2022-39254 affects matrix-nio (Python Matrix client library). Before v0.20, when a user requests a room key from their devices, forwarded room keys could be accepted without verifying the origin, enabling a potential impersonation attack if a homeserver inserts a questionable key. The issue i...

8.6CVSS6.9AI score0.00559EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2022/09/29 2:35 p.m.115 views

CVE-2022-39254

matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users requests a room key from their devices, the software correctly remember the request. Once they receive a forwarded room key, they accept it without checking who the room ke...

8.6CVSS7.4AI score0.00559EPSS
Exploits0
Cvelist
Cvelist
added 2022/09/29 2:35 p.m.50 views

CVE-2022-39254 When matrix-nio receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder

matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users requests a room key from their devices, the software correctly remember the request. Once they receive a forwarded room key, they accept it without checking who the room ke...

8.6CVSS8.7AI score0.00559EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/09/29 2:15 p.m.47 views

CVE-2022-39252 When matrix-rust-sdk recieves forwarded room keys, the reciever doesn't check if it requested the key from the forwarder

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room...

8.6CVSS8.7AI score0.00488EPSS
Exploits0References4
CVE
CVE
added 2022/09/29 2:15 p.m.78 views

CVE-2022-39252

CVE-2022-39252 affects matrix-rust-sdk (and matrix-sdk-crypto). Before 0.6, forwarded room keys could be accepted without verifying the origin device, enabling a homeserver to insert keys of questionable validity and potentially mount an impersonation attack. The issue is fixed in version 0.6. Re...

8.6CVSS7.9AI score0.00488EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/09/29 1:15 p.m.4 views

UBUNTU-CVE-2022-39250

Matrix JavaScript SDK is the Matrix Client-Server software development kit SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one o...

8.6CVSS6.9AI score0.00942EPSS
Exploits0References7
OSV
OSV
added 2022/09/29 12:0 a.m.21 views

CVE-2022-39250 Matrix JavaScript SDK vulnerable to key/device identifier confusion in SAS verification

Matrix JavaScript SDK is the Matrix Client-Server software development kit SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one o...

8.6CVSS8.2AI score0.00942EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2022/09/28 8:15 p.m.47 views

CVE-2022-39249

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be...

7.5CVSS7AI score0.0099EPSS
Exploits0References7
Prion
Prion
added 2022/09/28 8:15 p.m.15 views

Type confusion

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

5CVSS7.9AI score0.00913EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2022/09/28 5:15 p.m.22 views

Design/Logic Flaw

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...

5CVSS6.5AI score0.01047EPSS
Exploits0References5Affected Software1
AlpineLinux
AlpineLinux
added 2022/09/28 12:0 a.m.54 views

CVE-2022-39251

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

8.6CVSS8.2AI score0.00913EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/09/28 12:0 a.m.45 views

CVE-2022-39249

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be...

7.5CVSS8.1AI score0.0099EPSS
Exploits0
NVD
NVD
added 2022/02/01 12:15 p.m.29 views

CVE-2022-23597

Element Desktop is a Matrix client for desktop platforms with Element Web at its core. Element Desktop before 1.9.7 is vulnerable to a remote program execution bug with user interaction. The exploit is non-trivial and requires clicking on a malicious link, followed by another button click. To the...

8.8CVSS0.0148EPSS
Exploits0References2
CVE
CVE
added 2022/02/01 11:49 a.m.137 views

CVE-2022-23597

Element Desktop before 1.9.7 is vulnerable to a remote code execution bug via user interaction that requires a malicious link click followed by another button click. The attacker can specify a binary path on the victim’s machine for execution (arguments cannot be set), and in some configurations ...

8.8CVSS8.8AI score0.0148EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/03 2:23 a.m.47 views

User content sandbox can be confused into opening arbitrary documents

Impact The user content sandbox can be abused to trick users into opening unexpected documents after several user interactions. The content can be opened with a blob origin from the Matrix client, so it is possible for a malicious document to access user messages and secrets. Patches This has bee...

4.3CVSS1.9AI score0.00922EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder