15 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-39254
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users requests a room key from their...
CVE-2022-39254
matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users requests a room key from their devices, the software correctly remember the request. Once they receive a forwarded room key, they accept it without checking who the room ke...
bucktrix (>=0.1.4 <=0.1.5), lokiunimore (>=0.1.0 <=0.5.1) +7 more potentially affected by CVE-2022-39254 via matrix-nio (>=0.15.2 <=0.19.0)
matrix-nio PYPI version =0.15.2, =0.1.4, =0.1.0, =0.2.3, =3.0.0, =0.9.0, =2.0.0, =2.8.0 Source cves: CVE-2022-39254 Source advisory: OSV:GHSA-W4PR-4VJG-HFFH...
GHSA-W4PR-4VJG-HFFH When matrix-nio receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder
When matrix-nio before 0.20 requests a room key from our devices, it correctly accepts key forwards only if they are a response to a previous request. However, it doesn't check that the device that responded matches the device the key was requested from. This allows a malicious homeserver to inse...
When matrix-nio receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder
When matrix-nio before 0.20 requests a room key from our devices, it correctly accepts key forwards only if they are a response to a previous request. However, it doesn't check that the device that responded matches the device the key was requested from. This allows a malicious homeserver to inse...
CVE-2022-39254
matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users requests a room key from their devices, the software correctly remember the request. Once they receive a forwarded room key, they accept it without checking who the room ke...
DEBIAN-CVE-2022-39254
matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users requests a room key from their devices, the software correctly remember the request. Once they receive a forwarded room key, they accept it without checking who the room ke...
CVE-2022-39254
matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users requests a room key from their devices, the software correctly remember the request. Once they receive a forwarded room key, they accept it without checking who the room ke...
Design/Logic Flaw
matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users requests a room key from their devices, the software correctly remember the request. Once they receive a forwarded room key, they accept it without checking who the room ke...
CVE-2022-39254 When matrix-nio receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder
matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users requests a room key from their devices, the software correctly remember the request. Once they receive a forwarded room key, they accept it without checking who the room ke...
CVE-2022-39254
CVE-2022-39254 affects matrix-nio (Python Matrix client library). Before v0.20, when a user requests a room key from their devices, forwarded room keys could be accepted without verifying the origin, enabling a potential impersonation attack if a homeserver inserts a questionable key. The issue i...
CVE-2022-39254 When matrix-nio receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder
matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users requests a room key from their devices, the software correctly remember the request. Once they receive a forwarded room key, they accept it without checking who the room ke...
CVE-2022-39254 When matrix-nio receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder
matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users requests a room key from their devices, the software correctly remember the request. Once they receive a forwarded room key, they accept it without checking who the room ke...
PT-2022-24846 · Unknown · Matrix-Nio
Name of the Vulnerable Software and Affected Versions: matrix-nio versions prior to 0.20 Description: The issue arises when a user requests a room key from their devices. The software remembers the request but fails to check the origin of the forwarded room key, allowing homeservers to potentiall...
Matrix 安全漏洞
Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. A security vulnerability in Matrix matrix-nio prior to version 0.19 stems from a vulnerability that allows a malicious home server to insert a room key of questionable validity into the keystore under certain...