3 matches found
CVE-2024-40648 `UserIdentity::is_verified` not checking verification status of own user identity while performing the check in matrix-rust-sdk
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. The UserIdentity::isverified method in the matrix-sdk-crypto crate before version 0.7.2 doesn't take into account the verification status of the user's own identity while performing the check and may as a result retur...
CVE-2024-40648 `UserIdentity::is_verified` not checking verification status of own user identity while performing the check in matrix-rust-sdk
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. The UserIdentity::isverified method in the matrix-sdk-crypto crate before version 0.7.2 doesn't take into account the verification status of the user's own identity while performing the check and may as a result retur...
GHSA-9GGC-845V-GCGV matrix-sdk-crypto contains a log exposure of private key of the server-side key backup
Introduction In Matrix, the server-side key backup stores encrypted copies of Matrix message keys. This facilitates key sharing between a user's devices and provides a redundant copy in case all devices are lost. The key backup uses asymmetric cryptography, with each server-side key backup assign...