Lucene search
Veracode Vulnerability DatabaseVERACODE:37396HistoryOct 04, 2022 - 4:44 a.m.
Authentication Bypass
2022-10-0404:44:02
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
matrix android sdk
authentication bypass
defaultcryptoservice.kt
onroomkeyevent
entity authentication
key forwarding strategy
malicious home server
0.001 Low
EPSS
Percentile
42.3%
Matrix Android SDK 2 is vulnerable to authentication bypass. The vulnerability exists in onRoomKeyEvent function of DefaultCryptoService.kt due to lack of entity authentication for key forwarding strategy which allows an attacker to cooperate with a malicious home server.
| CPE | Name | Operator | Version |
|---|---|---|---|
| matrix android sdk 2 | le | 1.4.36 | |
| matrix android sdk 2 | le | 1.4.36 |
References
github.com/advisories/GHSA-2pvj-p485-cp3m
github.com/matrix-org/matrix-android-sdk2/commit/77df720a238d17308deab83ecaa37f7a4740a17e
github.com/matrix-org/matrix-android-sdk2/releases/tag/v1.5.1
github.com/matrix-org/matrix-android-sdk2/security/advisories/GHSA-2pvj-p485-cp3m
github.com/matrix-org/matrix-spec-proposals/pull/3061
matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
Related
osv
osv
CVE-2022-39246
2022-09-28 20:15:14
prion
prion
Design/Logic Flaw
2022-09-28 20:15:00
github
github
cve
cve
CVE-2022-39246
2022-09-28 20:15:14
cvelist
cvelist
nvd
nvd
CVE-2022-39246
2022-09-28 20:15:14