9 matches found
CVE-2022-41904 Element iOS is vulnerable due to missing decoration for events decrypted with untrusted Megolm sessions
Element iOS is an iOS Matrix client provided by Element. It is based on MatrixSDK. Prior to version 1.9.7, events encrypted using Megolm for which trust could not be established did not get decorated accordingly with warning shields. Therefore a malicious homeserver could inject messages into the...
CVE-2022-41904 Element iOS is vulnerable due to missing decoration for events decrypted with untrusted Megolm sessions
Element iOS is an iOS Matrix client provided by Element. It is based on MatrixSDK. Prior to version 1.9.7, events encrypted using Megolm for which trust could not be established did not get decorated accordingly with warning shields. Therefore a malicious homeserver could inject messages into the...
Matrix 安全漏洞
Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. A security vulnerability exists in Matrix Element iOS versions prior to 1.9.7, which stems from the fact that events it encrypts using Megolm sessions for which trust cannot be established are not trimmed...
matrix-android-sdk2 vulnerable to impersonation via forwarded Megolm sessions
Impact An attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-android-sdk2 implementing a...
GHSA-2PVJ-P485-CP3M matrix-android-sdk2 vulnerable to impersonation via forwarded Megolm sessions
Impact An attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-android-sdk2 implementing a...
Impersonation Via Forwarded Megolm Sessions
MatrixSDK is vulnerable to impersonation via forwarded Megolm sessions. The use of a too permissive key forwarding strategy in MatrixSDK allows an attacker having coordination with a malicious homeserver to construct messages appearing to have come from another person and the default policy for...
CVE-2022-39257 Matrix iOS SDK vulnerable to impersonation via forwarded Megolm sessions
Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this m...
CVE-2022-39246 matrix-android-sdk2 vulnerable to impersonation via forwarded Megolm sessions
matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others...
CVE-2022-39249 Matrix Javascript SDK vulnerable to impersonation via forwarded Megolm sessions
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be...