Lucene search
K

30 matches found

NVD
NVD
added 2024/05/14 3:38 p.m.27 views

CVE-2024-34353

The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is an implementation of a Matrix end-to-end encryption state machine in Rust. In Matrix, the server-side key backup stores encrypted copies of Matrix message keys. This facilitates key sharing between a user's devices and provides ...

5.5CVSS5.4AI score0.00193EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/05/13 3:43 p.m.18 views

CVE-2024-34353 matrix-sdk-crypto contains a log exposure of private key of the server-side key backup

The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is an implementation of a Matrix end-to-end encryption state machine in Rust. In Matrix, the server-side key backup stores encrypted copies of Matrix message keys. This facilitates key sharing between a user's devices and provides ...

5.5CVSS6.8AI score0.00193EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/05/13 3:43 p.m.33 views

CVE-2024-34353 matrix-sdk-crypto contains a log exposure of private key of the server-side key backup

The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is an implementation of a Matrix end-to-end encryption state machine in Rust. In Matrix, the server-side key backup stores encrypted copies of Matrix message keys. This facilitates key sharing between a user's devices and provides ...

5.5CVSS5.7AI score0.00193EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/09/30 10:51 p.m.29 views

matrix-sdk-crypto contains potential impersonation via room key forward responses

Impact When matrix-rust-sdk before 0.6 requests a room key from our devices, it correctly accepts key forwards only if they are a response to a previous request. However, it doesn't check that the device that responded matches the device the key was requested from. This allows a malicious...

8.6CVSS7.6AI score0.00488EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2022/09/30 10:51 p.m.61 views

GHSA-VP68-2WRM-69QM matrix-sdk-crypto contains potential impersonation via room key forward responses

Impact When matrix-rust-sdk before 0.6 requests a room key from our devices, it correctly accepts key forwards only if they are a response to a previous request. However, it doesn't check that the device that responded matches the device the key was requested from. This allows a malicious...

6.5CVSS8.1AI score0.00488EPSS
Exploits0References7
NVD
NVD
added 2022/09/29 3:15 p.m.44 views

CVE-2022-39252

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room...

8.6CVSS0.00488EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/09/29 2:15 p.m.46 views

CVE-2022-39252 When matrix-rust-sdk recieves forwarded room keys, the reciever doesn't check if it requested the key from the forwarder

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room...

8.6CVSS8.7AI score0.00488EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2022/09/29 2:15 p.m.6 views

CVE-2022-39252 When matrix-rust-sdk recieves forwarded room keys, the reciever doesn't check if it requested the key from the forwarder

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room...

8.6CVSS8.5AI score0.00488EPSS
Exploits0References4
OSV
OSV
added 2022/09/29 2:15 p.m.29 views

CVE-2022-39252 When matrix-rust-sdk recieves forwarded room keys, the reciever doesn't check if it requested the key from the forwarder

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room...

8.6CVSS7.3AI score0.00488EPSS
Exploits0References6
CVE
CVE
added 2022/09/29 2:15 p.m.75 views

CVE-2022-39252

CVE-2022-39252 affects matrix-rust-sdk (and matrix-sdk-crypto). Before 0.6, forwarded room keys could be accepted without verifying the origin device, enabling a homeserver to insert keys of questionable validity and potentially mount an impersonation attack. The issue is fixed in version 0.6. Re...

8.6CVSS7.9AI score0.00488EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder