Lucene search
+L

32 matches found

cvelist
cvelist
added 2024/07/18 4:45 p.m.41 views

CVE-2024-40648 `UserIdentity::is_verified` not checking verification status of own user identity while performing the check in matrix-rust-sdk

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. The UserIdentity::isverified method in the matrix-sdk-crypto crate before version 0.7.2 doesn't take into account the verification status of the user's own identity while performing the check and may as a result retur...

5.4CVSS0.0028EPSS
Exploits0References2
osv
osv
added 2024/07/18 4:45 p.m.25 views

CVE-2024-40648 `UserIdentity::is_verified` not checking verification status of own user identity while performing the check in matrix-rust-sdk

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. The UserIdentity::isverified method in the matrix-sdk-crypto crate before version 0.7.2 doesn't take into account the verification status of the user's own identity while performing the check and may as a result retur...

5.4CVSS6.5AI score0.0028EPSS
Exploits0References4
nvd
nvd
added 2024/05/14 3:38 p.m.27 views

CVE-2024-34353

The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is an implementation of a Matrix end-to-end encryption state machine in Rust. In Matrix, the server-side key backup stores encrypted copies of Matrix message keys. This facilitates key sharing between a user's devices and provides ...

5.5CVSS5.4AI score0.00193EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2024/05/13 3:43 p.m.18 views

CVE-2024-34353 matrix-sdk-crypto contains a log exposure of private key of the server-side key backup

The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is an implementation of a Matrix end-to-end encryption state machine in Rust. In Matrix, the server-side key backup stores encrypted copies of Matrix message keys. This facilitates key sharing between a user's devices and provides ...

5.5CVSS6.8AI score0.00193EPSS
Exploits0References5
cvelist
cvelist
added 2024/05/13 3:43 p.m.36 views

CVE-2024-34353 matrix-sdk-crypto contains a log exposure of private key of the server-side key backup

The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is an implementation of a Matrix end-to-end encryption state machine in Rust. In Matrix, the server-side key backup stores encrypted copies of Matrix message keys. This facilitates key sharing between a user's devices and provides ...

5.5CVSS5.7AI score0.00193EPSS
Exploits0References5
osv
osv
added 2022/09/30 10:51 p.m.82 views

GHSA-VP68-2WRM-69QM matrix-sdk-crypto contains potential impersonation via room key forward responses

Impact When matrix-rust-sdk before 0.6 requests a room key from our devices, it correctly accepts key forwards only if they are a response to a previous request. However, it doesn't check that the device that responded matches the device the key was requested from. This allows a malicious...

6.5CVSS8.1AI score0.00488EPSS
Exploits0References7
github
github
added 2022/09/30 10:51 p.m.30 views

matrix-sdk-crypto contains potential impersonation via room key forward responses

Impact When matrix-rust-sdk before 0.6 requests a room key from our devices, it correctly accepts key forwards only if they are a response to a previous request. However, it doesn't check that the device that responded matches the device the key was requested from. This allows a malicious...

8.6CVSS7.6AI score0.00488EPSS
Exploits0References7Affected Software1
nvd
nvd
added 2022/09/29 3:15 p.m.45 views

CVE-2022-39252

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room...

8.6CVSS0.00488EPSS
Exploits0References4
cve
cve
added 2022/09/29 2:15 p.m.75 views

CVE-2022-39252

CVE-2022-39252 affects matrix-rust-sdk (and matrix-sdk-crypto). Before 0.6, forwarded room keys could be accepted without verifying the origin device, enabling a homeserver to insert keys of questionable validity and potentially mount an impersonation attack. The issue is fixed in version 0.6. Re...

8.6CVSS7.9AI score0.00488EPSS
Exploits0References4Affected Software1
osv
osv
added 2022/09/29 2:15 p.m.29 views

CVE-2022-39252 When matrix-rust-sdk recieves forwarded room keys, the reciever doesn't check if it requested the key from the forwarder

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room...

8.6CVSS7.3AI score0.00488EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2022/09/29 2:15 p.m.6 views

CVE-2022-39252 When matrix-rust-sdk recieves forwarded room keys, the reciever doesn't check if it requested the key from the forwarder

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room...

8.6CVSS8.5AI score0.00488EPSS
Exploits0References4
cvelist
cvelist
added 2022/09/29 2:15 p.m.47 views

CVE-2022-39252 When matrix-rust-sdk recieves forwarded room keys, the reciever doesn't check if it requested the key from the forwarder

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room...

8.6CVSS8.7AI score0.00488EPSS
Exploits0References4
Rows per page
Query Builder