Lucene search
K

9 matches found

Vulnrichment
Vulnrichment
added 2022/11/11 12:0 a.m.6 views

CVE-2022-41904 Element iOS is vulnerable due to missing decoration for events decrypted with untrusted Megolm sessions

Element iOS is an iOS Matrix client provided by Element. It is based on MatrixSDK. Prior to version 1.9.7, events encrypted using Megolm for which trust could not be established did not get decorated accordingly with warning shields. Therefore a malicious homeserver could inject messages into the...

6.4CVSS6.3AI score0.0041EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/11/11 12:0 a.m.34 views

CVE-2022-41904 Element iOS is vulnerable due to missing decoration for events decrypted with untrusted Megolm sessions

Element iOS is an iOS Matrix client provided by Element. It is based on MatrixSDK. Prior to version 1.9.7, events encrypted using Megolm for which trust could not be established did not get decorated accordingly with warning shields. Therefore a malicious homeserver could inject messages into the...

6.4CVSS6.4AI score0.0041EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/11/11 12:0 a.m.5 views

Matrix 安全漏洞

Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. A security vulnerability exists in Matrix Element iOS versions prior to 1.9.7, which stems from the fact that events it encrypts using Megolm sessions for which trust cannot be established are not trimmed...

6.5CVSS6.5AI score0.0041EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/09/30 4:33 a.m.60 views

matrix-android-sdk2 vulnerable to impersonation via forwarded Megolm sessions

Impact An attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-android-sdk2 implementing a...

7.5CVSS5.4AI score0.00626EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2022/09/30 4:33 a.m.29 views

GHSA-2PVJ-P485-CP3M matrix-android-sdk2 vulnerable to impersonation via forwarded Megolm sessions

Impact An attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-android-sdk2 implementing a...

7.5CVSS6.1AI score0.00626EPSS
Exploits0References6
Veracode
Veracode
added 2022/09/29 3:47 a.m.28 views

Impersonation Via Forwarded Megolm Sessions

MatrixSDK is vulnerable to impersonation via forwarded Megolm sessions. The use of a too permissive key forwarding strategy in MatrixSDK allows an attacker having coordination with a malicious homeserver to construct messages appearing to have come from another person and the default policy for...

7.5CVSS7.2AI score0.0072EPSS
Exploits0References4Affected Software2
Cvelist
Cvelist
added 2022/09/28 8:55 p.m.37 views

CVE-2022-39257 Matrix iOS SDK vulnerable to impersonation via forwarded Megolm sessions

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this m...

7.5CVSS7.4AI score0.0072EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/09/28 8:0 p.m.49 views

CVE-2022-39246 matrix-android-sdk2 vulnerable to impersonation via forwarded Megolm sessions

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others...

7.5CVSS7.6AI score0.00626EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/09/28 12:0 a.m.23 views

CVE-2022-39249 Matrix Javascript SDK vulnerable to impersonation via forwarded Megolm sessions

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be...

7.5CVSS8.1AI score0.00946EPSS
Exploits0References6
Rows per page
Query Builder