Lucene search
K

21 matches found

RustSec
RustSec
added 2026/06/03 12:0 p.m.14 views

Sender-binding gaps in to-device messages

The matrix-sdk-crypto crate before 0.16.1 is missing a check for the sender's user ID when decrypting an Olm-encrypted to-device message containing the senderdevicekeys property. This could be exploited to spoof the sender of an encrypted to-device message, but only if the attacker colludes with ...

5.8AI score0.0005EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/06/03 12:0 p.m.10 views

RUSTSEC-2026-0159 Sender-binding gaps in to-device messages

The matrix-sdk-crypto crate before 0.16.1 is missing a check for the sender's user ID when decrypting an Olm-encrypted to-device message containing the senderdevicekeys property. This could be exploited to spoof the sender of an encrypted to-device message, but only if the attacker colludes with ...

5.8AI score0.0005EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/05 7:36 p.m.10 views

CVE-2022-39255

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

8.6CVSS6.4AI score0.0072EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 3:23 a.m.3 views

SUSE CVE-2022-39251

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

7.5CVSS9AI score0.00872EPSS
Exploits0References4
Mageia
Mageia
added 2022/10/01 5:48 p.m.53 views

Updated thunderbird packages fix security vulnerability

Improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properlyCVE-2022-39236 Too permissive key forwarding strategy allowing impersonation CVE-2022-39249 Trusting/verifying the user identity under the control of the homeserver instead of the intended one...

8.6CVSS3.7AI score0.01001EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/09/30 4:37 a.m.54 views

matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion

Impact An attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability...

8.6CVSS7.1AI score0.0072EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2022/09/30 4:37 a.m.30 views

GHSA-FPGF-PJJV-2QGM matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion

Impact An attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability...

8.6CVSS7.8AI score0.0072EPSS
Exploits0References6
Veracode
Veracode
added 2022/09/29 6:54 a.m.17 views

Cross-site Scripting (XSS)

Matrix Android SDK 2 is vulnerable to cross-site scripting.The vulnerability exists in multiple functions in MXMegolmDecryption.kt due to a protocol confusion in order to send fake to-device messages which allows an attacker to inject the key backup secret during a self-verification...

8.6CVSS7.1AI score0.0072EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2022/09/28 9:15 p.m.24 views

Type confusion

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

5CVSS7.2AI score0.0072EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2022/09/28 8:35 p.m.9 views

CVE-2022-39255 Matrix iOS SDK vulnerable ton Olm/Megolm protocol confusion

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

8.6CVSS8.3AI score0.0072EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/09/28 8:35 p.m.41 views

CVE-2022-39255 Matrix iOS SDK vulnerable ton Olm/Megolm protocol confusion

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

8.6CVSS8.5AI score0.0072EPSS
Exploits0References4
CVE
CVE
added 2022/09/28 8:35 p.m.84 views

CVE-2022-39255

Summary (CVE-2022-39255): The Matrix iOS SDK (prior to 0.23.19) is vulnerable to protocol confusion between Megolm and Olm for to-device messages. An attacker collaborating with a malicious homeserver can craft messages that appear to come from another user, enabling impersonation and targeted at...

8.6CVSS7.5AI score0.0072EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/09/28 8:15 p.m.1 views

DEBIAN-CVE-2022-39251

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

7.5CVSS7.5AI score0.00872EPSS
Exploits0References1
OSV
OSV
added 2022/09/28 8:15 p.m.3 views

UBUNTU-CVE-2022-39251

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

8.6CVSS7AI score0.00872EPSS
Exploits0References7
Cvelist
Cvelist
added 2022/09/28 8:5 p.m.52 views

CVE-2022-39248 matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker...

8.6CVSS8.8AI score0.0072EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/09/28 12:0 a.m.6 views

PT-2022-24847 · Unknown · Matrix Ios Sdk

Name of the Vulnerable Software and Affected Versions: matrix-ios-sdk versions prior to 0.23.19 Description: The issue allows an attacker cooperating with a malicious homeserver to construct messages that appear to have come from another person without indication. A sophisticated attacker could...

8.6CVSS7.7AI score0.0072EPSS
Exploits0References8
Cvelist
Cvelist
added 2022/09/28 12:0 a.m.19 views

CVE-2022-39251 Matrix Javascript SDK vulnerable to Olm/Megolm protocol confusion

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

8.6CVSS8.2AI score0.00872EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2022/09/28 12:0 a.m.6 views

CVE-2022-39251 Matrix Javascript SDK vulnerable to Olm/Megolm protocol confusion

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

8.6CVSS8.5AI score0.00872EPSS
Exploits0References5
CVE
CVE
added 2022/09/28 12:0 a.m.137 views

CVE-2022-39251

The CVE-2022-39251 vulnerability affects the Matrix Javascript SDK (matrix-js-sdk) prior to version 19.7.0. It stems from a protocol confusion bug that allowed to‑device messages encrypted with Megolm to be accepted as Olm, enabling an attacker coordinating with a malicious homeserver to craft me...

8.6CVSS8AI score0.00872EPSS
Exploits0References5Affected Software1
Debian CVE
Debian CVE
added 2022/09/28 12:0 a.m.24 views

CVE-2022-39251

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

8.6CVSS8.2AI score0.00872EPSS
Exploits0
Rows per page
Query Builder