CWE-322
Key Exchange without Entity Authentication
The product performs a key exchange with an actor without verifying the identity of that actor.
CVE-2021-34433 (GCVE-0-2021-34433)
Vulnerability from cvelistv5
Published
2021-08-20 17:10
Modified
2024-08-04 00:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-322 - Key Exchange without Entity Authentication
Summary
In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based (x509 and RPK) DTLS handshakes accidentally succeeds without verifying the server side's signature on the client side, if that signature is not included in the server's ServerKeyExchange.
References
► | URL | Tags | |||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
The Eclipse Foundation | Eclipse Californium |
Version: 2.0.0 < unspecified Version: unspecified < Version: 3.0.0-M1 < unspecified Version: unspecified < |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:12:50.235Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=575281" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Eclipse Californium", "vendor": "The Eclipse Foundation", "versions": [ { "lessThan": "unspecified", "status": "affected", "version": "2.0.0", "versionType": "custom" }, { "lessThanOrEqual": "2.6.4", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "unspecified", "status": "affected", "version": "3.0.0-M1", "versionType": "custom" }, { "lessThanOrEqual": "3.0.0-M3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based (x509 and RPK) DTLS handshakes accidentally succeeds without verifying the server side\u0027s signature on the client side, if that signature is not included in the server\u0027s ServerKeyExchange." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-322", "description": "CWE-322: Key Exchange without Entity Authentication", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-20T17:10:10", "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=575281" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@eclipse.org", "ID": "CVE-2021-34433", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Eclipse Californium", "version": { "version_data": [ { "version_affected": "\u003e=", "version_value": "2.0.0" }, { "version_affected": "\u003c=", "version_value": "2.6.4" }, { "version_affected": "\u003e=", "version_value": "3.0.0-M1" }, { "version_affected": "\u003c=", "version_value": "3.0.0-M3" } ] } } ] }, "vendor_name": "The Eclipse Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based (x509 and RPK) DTLS handshakes accidentally succeeds without verifying the server side\u0027s signature on the client side, if that signature is not included in the server\u0027s ServerKeyExchange." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-322: Key Exchange without Entity Authentication" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=575281", "refsource": "CONFIRM", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=575281" } ] } } } }, "cveMetadata": { "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "assignerShortName": "eclipse", "cveId": "CVE-2021-34433", "datePublished": "2021-08-20T17:10:10", "dateReserved": "2021-06-09T00:00:00", "dateUpdated": "2024-08-04T00:12:50.235Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-39246 (GCVE-0-2022-39246)
Vulnerability from cvelistv5
Published
2022-09-28 20:00
Modified
2025-04-23 16:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the key forwarding strategy implemented in the matrix-android-sdk2 that is too permissive. Starting with version 1.5.1, the default policy for accepting key forwards has been made more strict in the matrix-android-sdk2. The matrix-android-sdk2 will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately (for example, by showing a warning for such messages). As a workaroubnd, current users of the SDK can disable key forwarding in their forks using `CryptoService#enableKeyGossiping(enable: Boolean)`.
References
► | URL | Tags |
---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
matrix-org | matrix-android-sdk2 |
Version: < 1.5.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:00:43.348Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/matrix-org/matrix-spec-proposals/pull/3061" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/matrix-org/matrix-android-sdk2/security/advisories/GHSA-2pvj-p485-cp3m" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/matrix-org/matrix-android-sdk2/commit/77df720a238d17308deab83ecaa37f7a4740a17e" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/matrix-org/matrix-android-sdk2/releases/tag/v1.5.1" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-39246", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-23T15:50:49.774935Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-23T16:54:47.328Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "matrix-android-sdk2", "vendor": "matrix-org", "versions": [ { "status": "affected", "version": "\u003c 1.5.1" } ] } ], "descriptions": [ { "lang": "en", "value": "matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the key forwarding strategy implemented in the matrix-android-sdk2 that is too permissive. Starting with version 1.5.1, the default policy for accepting key forwards has been made more strict in the matrix-android-sdk2. The matrix-android-sdk2 will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately (for example, by showing a warning for such messages). As a workaroubnd, current users of the SDK can disable key forwarding in their forks using `CryptoService#enableKeyGossiping(enable: Boolean)`." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-322", "description": "CWE-322: Key Exchange without Entity Authentication", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287: Improper Authentication", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-28T20:00:19.000Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/matrix-org/matrix-spec-proposals/pull/3061" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/matrix-org/matrix-android-sdk2/security/advisories/GHSA-2pvj-p485-cp3m" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/matrix-org/matrix-android-sdk2/commit/77df720a238d17308deab83ecaa37f7a4740a17e" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/matrix-org/matrix-android-sdk2/releases/tag/v1.5.1" } ], "source": { "advisory": "GHSA-2pvj-p485-cp3m", "discovery": "UNKNOWN" }, "title": "matrix-android-sdk2 vulnerable to impersonation via forwarded Megolm sessions", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-39246", "STATE": "PUBLIC", "TITLE": "matrix-android-sdk2 vulnerable to impersonation via forwarded Megolm sessions" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "matrix-android-sdk2", "version": { "version_data": [ { "version_value": "\u003c 1.5.1" } ] } } ] }, "vendor_name": "matrix-org" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the key forwarding strategy implemented in the matrix-android-sdk2 that is too permissive. Starting with version 1.5.1, the default policy for accepting key forwards has been made more strict in the matrix-android-sdk2. The matrix-android-sdk2 will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately (for example, by showing a warning for such messages). As a workaroubnd, current users of the SDK can disable key forwarding in their forks using `CryptoService#enableKeyGossiping(enable: Boolean)`." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-322: Key Exchange without Entity Authentication" } ] }, { "description": [ { "lang": "eng", "value": "CWE-287: Improper Authentication" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/matrix-org/matrix-spec-proposals/pull/3061", "refsource": "MISC", "url": "https://github.com/matrix-org/matrix-spec-proposals/pull/3061" }, { "name": "https://github.com/matrix-org/matrix-android-sdk2/security/advisories/GHSA-2pvj-p485-cp3m", "refsource": "CONFIRM", "url": "https://github.com/matrix-org/matrix-android-sdk2/security/advisories/GHSA-2pvj-p485-cp3m" }, { "name": "https://github.com/matrix-org/matrix-android-sdk2/commit/77df720a238d17308deab83ecaa37f7a4740a17e", "refsource": "MISC", "url": "https://github.com/matrix-org/matrix-android-sdk2/commit/77df720a238d17308deab83ecaa37f7a4740a17e" }, { "name": "https://github.com/matrix-org/matrix-android-sdk2/releases/tag/v1.5.1", "refsource": "MISC", "url": "https://github.com/matrix-org/matrix-android-sdk2/releases/tag/v1.5.1" } ] }, "source": { "advisory": "GHSA-2pvj-p485-cp3m", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-39246", "datePublished": "2022-09-28T20:00:19.000Z", "dateReserved": "2022-09-02T00:00:00.000Z", "dateUpdated": "2025-04-23T16:54:47.328Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-39248 (GCVE-0-2022-39248)
Vulnerability from cvelistv5
Published
2022-09-28 20:05
Modified
2025-04-23 16:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can allow, for example, to inject the key backup secret during a self-verification, to make a targeted device start using a malicious key backup spoofed by the homeserver. matrix-android-sdk2 would then additionally sign such a key backup with its device key, spilling trust over to other devices trusting the matrix-android-sdk2 device. These attacks are possible due to a protocol confusion vulnerability that accepts to-device messages encrypted with Megolm instead of Olm. matrix-android-sdk2 version 1.5.1 has been modified to only accept Olm-encrypted to-device messages and to stop signing backups on a successful decryption. Out of caution, several other checks have been audited or added. This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
matrix-org | matrix-android-sdk2 |
Version: < 1.5.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:00:43.445Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/matrix-org/matrix-android-sdk2/commit/77df720a238d17308deab83ecaa37f7a4740a17e" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/matrix-org/matrix-android-sdk2/releases/tag/v1.5.1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/matrix-org/matrix-android-sdk2/security/advisories/GHSA-fpgf-pjjv-2qgm" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-39248", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-23T15:50:46.695381Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-23T16:54:40.093Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "matrix-android-sdk2", "vendor": "matrix-org", "versions": [ { "status": "affected", "version": "\u003c 1.5.1" } ] } ], "descriptions": [ { "lang": "en", "value": "matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can allow, for example, to inject the key backup secret during a self-verification, to make a targeted device start using a malicious key backup spoofed by the homeserver. matrix-android-sdk2 would then additionally sign such a key backup with its device key, spilling trust over to other devices trusting the matrix-android-sdk2 device. These attacks are possible due to a protocol confusion vulnerability that accepts to-device messages encrypted with Megolm instead of Olm. matrix-android-sdk2 version 1.5.1 has been modified to only accept Olm-encrypted to-device messages and to stop signing backups on a successful decryption. Out of caution, several other checks have been audited or added. This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-322", "description": "CWE-322: Key Exchange without Entity Authentication", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287: Improper Authentication", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-28T20:05:12.000Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/matrix-org/matrix-android-sdk2/commit/77df720a238d17308deab83ecaa37f7a4740a17e" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/matrix-org/matrix-android-sdk2/releases/tag/v1.5.1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/matrix-org/matrix-android-sdk2/security/advisories/GHSA-fpgf-pjjv-2qgm" } ], "source": { "advisory": "GHSA-fpgf-pjjv-2qgm", "discovery": "UNKNOWN" }, "title": "matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-39248", "STATE": "PUBLIC", "TITLE": "matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "matrix-android-sdk2", "version": { "version_data": [ { "version_value": "\u003c 1.5.1" } ] } } ] }, "vendor_name": "matrix-org" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can allow, for example, to inject the key backup secret during a self-verification, to make a targeted device start using a malicious key backup spoofed by the homeserver. matrix-android-sdk2 would then additionally sign such a key backup with its device key, spilling trust over to other devices trusting the matrix-android-sdk2 device. These attacks are possible due to a protocol confusion vulnerability that accepts to-device messages encrypted with Megolm instead of Olm. matrix-android-sdk2 version 1.5.1 has been modified to only accept Olm-encrypted to-device messages and to stop signing backups on a successful decryption. Out of caution, several other checks have been audited or added. This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-322: Key Exchange without Entity Authentication" } ] }, { "description": [ { "lang": "eng", "value": "CWE-287: Improper Authentication" } ] } ] }, "references": { "reference_data": [ { "name": "https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients", "refsource": "MISC", "url": "https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients" }, { "name": "https://github.com/matrix-org/matrix-android-sdk2/commit/77df720a238d17308deab83ecaa37f7a4740a17e", "refsource": "MISC", "url": "https://github.com/matrix-org/matrix-android-sdk2/commit/77df720a238d17308deab83ecaa37f7a4740a17e" }, { "name": "https://github.com/matrix-org/matrix-android-sdk2/releases/tag/v1.5.1", "refsource": "MISC", "url": "https://github.com/matrix-org/matrix-android-sdk2/releases/tag/v1.5.1" }, { "name": "https://github.com/matrix-org/matrix-android-sdk2/security/advisories/GHSA-fpgf-pjjv-2qgm", "refsource": "CONFIRM", "url": "https://github.com/matrix-org/matrix-android-sdk2/security/advisories/GHSA-fpgf-pjjv-2qgm" } ] }, "source": { "advisory": "GHSA-fpgf-pjjv-2qgm", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-39248", "datePublished": "2022-09-28T20:05:12.000Z", "dateReserved": "2022-09-02T00:00:00.000Z", "dateUpdated": "2025-04-23T16:54:40.093Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-39249 (GCVE-0-2022-39249)
Vulnerability from cvelistv5
Published
2022-09-28 00:00
Modified
2025-04-23 16:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-js-sdk implementing a too permissive key forwarding strategy on the receiving end. Starting with version 19.7.0, the default policy for accepting key forwards has been made more strict in the matrix-js-sdk. matrix-js-sdk will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately, for example, by showing a warning for such messages. This attack requires coordination between a malicious homeserver and an attacker, and those who trust your homeservers do not need a workaround.
References
► | URL | Tags | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
matrix-org | matrix-js-sdk |
Version: < 19.7.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:00:43.417Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76" }, { "tags": [ "x_transferred" ], "url": "https://github.com/matrix-org/matrix-js-sdk/releases/tag/v19.7.0" }, { "tags": [ "x_transferred" ], "url": "https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-6263-x97c-c4gg" }, { "tags": [ "x_transferred" ], "url": "https://github.com/matrix-org/matrix-spec-proposals/pull/3061" }, { "tags": [ "x_transferred" ], "url": "https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients" }, { "name": "GLSA-202210-35", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-35" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-39249", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-23T15:51:04.050488Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-23T16:55:11.362Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "matrix-js-sdk", "vendor": "matrix-org", "versions": [ { "status": "affected", "version": "\u003c 19.7.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-js-sdk implementing a too permissive key forwarding strategy on the receiving end. Starting with version 19.7.0, the default policy for accepting key forwards has been made more strict in the matrix-js-sdk. matrix-js-sdk will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately, for example, by showing a warning for such messages. This attack requires coordination between a malicious homeserver and an attacker, and those who trust your homeservers do not need a workaround." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-322", "description": "CWE-322: Key Exchange without Entity Authentication", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287: Improper Authentication", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-31T00:00:00.000Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76" }, { "url": "https://github.com/matrix-org/matrix-js-sdk/releases/tag/v19.7.0" }, { "url": "https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-6263-x97c-c4gg" }, { "url": "https://github.com/matrix-org/matrix-spec-proposals/pull/3061" }, { "url": "https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients" }, { "name": "GLSA-202210-35", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-35" } ], "source": { "advisory": "GHSA-6263-x97c-c4gg", "discovery": "UNKNOWN" }, "title": "Matrix Javascript SDK vulnerable to impersonation via forwarded Megolm sessions" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-39249", "datePublished": "2022-09-28T00:00:00.000Z", "dateReserved": "2022-09-02T00:00:00.000Z", "dateUpdated": "2025-04-23T16:55:11.362Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-39250 (GCVE-0-2022-39250)
Vulnerability from cvelistv5
Published
2022-09-29 00:00
Modified
2025-04-23 16:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Matrix JavaScript SDK is the Matrix Client-Server software development kit (SDK) for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one of the users’ identities. This would lead to the other device trusting/verifying the user identity under the control of the homeserver instead of the intended one. The vulnerability is a bug in the matrix-js-sdk, caused by checking and signing user identities and devices in two separate steps, and inadequately fixing the keys to be signed between those steps. Even though the attack is partly made possible due to the design decision of treating cross-signing user identities as Matrix devices on the server side (with their device ID set to the public part of the user identity key), no other examined implementations were vulnerable. Starting with version 19.7.0, the matrix-js-sdk has been modified to double check that the key signed is the one that was verified instead of just referencing the key by ID. An additional check has been made to report an error when one of the device ID matches a cross-signing key. As this attack requires coordination between a malicious homeserver and an attacker, those who trust their homeservers do not need a particular workaround.
References
► | URL | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
matrix-org | matrix-js-sdk |
Version: < 19.7.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:00:43.453Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76" }, { "tags": [ "x_transferred" ], "url": "https://github.com/matrix-org/matrix-js-sdk/releases/tag/v19.7.0" }, { "tags": [ "x_transferred" ], "url": "https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients" }, { "tags": [ "x_transferred" ], "url": "https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-5w8r-8pgj-5jmf" }, { "name": "GLSA-202210-35", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-35" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-39250", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-23T15:50:35.378280Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-23T16:54:16.797Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "matrix-js-sdk", "vendor": "matrix-org", "versions": [ { "status": "affected", "version": "\u003c 19.7.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Matrix JavaScript SDK is the Matrix Client-Server software development kit (SDK) for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one of the users\u2019 identities. This would lead to the other device trusting/verifying the user identity under the control of the homeserver instead of the intended one. The vulnerability is a bug in the matrix-js-sdk, caused by checking and signing user identities and devices in two separate steps, and inadequately fixing the keys to be signed between those steps. Even though the attack is partly made possible due to the design decision of treating cross-signing user identities as Matrix devices on the server side (with their device ID set to the public part of the user identity key), no other examined implementations were vulnerable. Starting with version 19.7.0, the matrix-js-sdk has been modified to double check that the key signed is the one that was verified instead of just referencing the key by ID. An additional check has been made to report an error when one of the device ID matches a cross-signing key. As this attack requires coordination between a malicious homeserver and an attacker, those who trust their homeservers do not need a particular workaround." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-322", "description": "CWE-322: Key Exchange without Entity Authentication", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287: Improper Authentication", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-31T00:00:00.000Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76" }, { "url": "https://github.com/matrix-org/matrix-js-sdk/releases/tag/v19.7.0" }, { "url": "https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients" }, { "url": "https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-5w8r-8pgj-5jmf" }, { "name": "GLSA-202210-35", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-35" } ], "source": { "advisory": "GHSA-5w8r-8pgj-5jmf", "discovery": "UNKNOWN" }, "title": "Matrix JavaScript SDK vulnerable to key/device identifier confusion in SAS verification" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-39250", "datePublished": "2022-09-29T00:00:00.000Z", "dateReserved": "2022-09-02T00:00:00.000Z", "dateUpdated": "2025-04-23T16:54:16.797Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-39251 (GCVE-0-2022-39251)
Vulnerability from cvelistv5
Published
2022-09-28 00:00
Modified
2025-04-23 16:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can allow, for example, to inject the key backup secret during a self-verification, to make a targeted device start using a malicious key backup spoofed by the homeserver. These attacks are possible due to a protocol confusion vulnerability that accepts to-device messages encrypted with Megolm instead of Olm. Starting with version 19.7.0, matrix-js-sdk has been modified to only accept Olm-encrypted to-device messages. Out of caution, several other checks have been audited or added. This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround.
References
► | URL | Tags | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
matrix-org | matrix-js-sdk |
Version: < 19.7.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:00:43.351Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76" }, { "tags": [ "x_transferred" ], "url": "https://github.com/matrix-org/matrix-js-sdk/releases/tag/v19.7.0" }, { "tags": [ "x_transferred" ], "url": "https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients" }, { "tags": [ "x_transferred" ], "url": "https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-r48r-j8fx-mq2c" }, { "name": "GLSA-202210-35", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-35" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-39251", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-23T15:51:00.530252Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-23T16:55:05.561Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "matrix-js-sdk", "vendor": "matrix-org", "versions": [ { "status": "affected", "version": "\u003c 19.7.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can allow, for example, to inject the key backup secret during a self-verification, to make a targeted device start using a malicious key backup spoofed by the homeserver. These attacks are possible due to a protocol confusion vulnerability that accepts to-device messages encrypted with Megolm instead of Olm. Starting with version 19.7.0, matrix-js-sdk has been modified to only accept Olm-encrypted to-device messages. Out of caution, several other checks have been audited or added. This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-322", "description": "CWE-322: Key Exchange without Entity Authentication", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287: Improper Authentication", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-31T00:00:00.000Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76" }, { "url": "https://github.com/matrix-org/matrix-js-sdk/releases/tag/v19.7.0" }, { "url": "https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients" }, { "url": "https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-r48r-j8fx-mq2c" }, { "name": "GLSA-202210-35", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-35" } ], "source": { "advisory": "GHSA-r48r-j8fx-mq2c", "discovery": "UNKNOWN" }, "title": "Matrix Javascript SDK vulnerable to Olm/Megolm protocol confusion" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-39251", "datePublished": "2022-09-28T00:00:00.000Z", "dateReserved": "2022-09-02T00:00:00.000Z", "dateUpdated": "2025-04-23T16:55:05.561Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-39252 (GCVE-0-2022-39252)
Vulnerability from cvelistv5
Published
2022-09-29 14:15
Modified
2025-04-23 16:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room key, the software accepts it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack. Version 0.6 fixes this issue.
References
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
matrix-org | matrix-rust-sdk |
Version: < 0.6 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:00:43.464Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-vp68-2wrm-69qm" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/matrix-org/matrix-rust-sdk/commit/093fb5d0aa21c0b5eaea6ec96b477f1075271cbb" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/matrix-org/matrix-rust-sdk/commit/41449d2cc360e347f5d4e1c154ec1e3185f11acd" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-0.6.0" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-39252", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-23T15:50:29.306523Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-23T16:54:05.100Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "matrix-rust-sdk", "vendor": "matrix-org", "versions": [ { "status": "affected", "version": "\u003c 0.6" } ] } ], "descriptions": [ { "lang": "en", "value": "matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room key, the software accepts it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack. Version 0.6 fixes this issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-322", "description": "CWE-322: Key Exchange without Entity Authentication", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287: Improper Authentication", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-29T14:15:14.000Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-vp68-2wrm-69qm" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/matrix-org/matrix-rust-sdk/commit/093fb5d0aa21c0b5eaea6ec96b477f1075271cbb" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/matrix-org/matrix-rust-sdk/commit/41449d2cc360e347f5d4e1c154ec1e3185f11acd" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-0.6.0" } ], "source": { "advisory": "GHSA-vp68-2wrm-69qm", "discovery": "UNKNOWN" }, "title": "When matrix-rust-sdk recieves forwarded room keys, the reciever doesn\u0027t check if it requested the key from the forwarder", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-39252", "STATE": "PUBLIC", "TITLE": "When matrix-rust-sdk recieves forwarded room keys, the reciever doesn\u0027t check if it requested the key from the forwarder" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "matrix-rust-sdk", "version": { "version_data": [ { "version_value": "\u003c 0.6" } ] } } ] }, "vendor_name": "matrix-org" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room key, the software accepts it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack. Version 0.6 fixes this issue." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-322: Key Exchange without Entity Authentication" } ] }, { "description": [ { "lang": "eng", "value": "CWE-287: Improper Authentication" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-vp68-2wrm-69qm", "refsource": "CONFIRM", "url": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-vp68-2wrm-69qm" }, { "name": "https://github.com/matrix-org/matrix-rust-sdk/commit/093fb5d0aa21c0b5eaea6ec96b477f1075271cbb", "refsource": "MISC", "url": "https://github.com/matrix-org/matrix-rust-sdk/commit/093fb5d0aa21c0b5eaea6ec96b477f1075271cbb" }, { "name": "https://github.com/matrix-org/matrix-rust-sdk/commit/41449d2cc360e347f5d4e1c154ec1e3185f11acd", "refsource": "MISC", "url": "https://github.com/matrix-org/matrix-rust-sdk/commit/41449d2cc360e347f5d4e1c154ec1e3185f11acd" }, { "name": "https://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-0.6.0", "refsource": "MISC", "url": "https://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-0.6.0" } ] }, "source": { "advisory": "GHSA-vp68-2wrm-69qm", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-39252", "datePublished": "2022-09-29T14:15:14.000Z", "dateReserved": "2022-09-02T00:00:00.000Z", "dateUpdated": "2025-04-23T16:54:05.100Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-39254 (GCVE-0-2022-39254)
Vulnerability from cvelistv5
Published
2022-09-29 14:35
Modified
2025-04-23 16:53
Severity ?
VLAI Severity ?
EPSS score ?
Summary
matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users requests a room key from their devices, the software correctly remember the request. Once they receive a forwarded room key, they accept it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack. Version 0.20 fixes the issue.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
poljar | matrix-nio |
Version: < 0.20 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:00:43.472Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/poljar/matrix-nio/security/advisories/GHSA-w4pr-4vjg-hffh" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/poljar/matrix-nio/commit/b1cbf234a831daa160673defd596e6450e9c29f0" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-39254", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-23T15:50:24.477414Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-23T16:53:59.840Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "matrix-nio", "vendor": "poljar", "versions": [ { "status": "affected", "version": "\u003c 0.20" } ] } ], "descriptions": [ { "lang": "en", "value": "matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users requests a room key from their devices, the software correctly remember the request. Once they receive a forwarded room key, they accept it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack. Version 0.20 fixes the issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-322", "description": "CWE-322: Key Exchange without Entity Authentication", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287: Improper Authentication", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-29T14:35:10.000Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/poljar/matrix-nio/security/advisories/GHSA-w4pr-4vjg-hffh" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/poljar/matrix-nio/commit/b1cbf234a831daa160673defd596e6450e9c29f0" } ], "source": { "advisory": "GHSA-w4pr-4vjg-hffh", "discovery": "UNKNOWN" }, "title": "When matrix-nio receives forwarded room keys, the receiver doesn\u0027t check if it requested the key from the forwarder", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-39254", "STATE": "PUBLIC", "TITLE": "When matrix-nio receives forwarded room keys, the receiver doesn\u0027t check if it requested the key from the forwarder" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "matrix-nio", "version": { "version_data": [ { "version_value": "\u003c 0.20" } ] } } ] }, "vendor_name": "poljar" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users requests a room key from their devices, the software correctly remember the request. Once they receive a forwarded room key, they accept it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack. Version 0.20 fixes the issue." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-322: Key Exchange without Entity Authentication" } ] }, { "description": [ { "lang": "eng", "value": "CWE-287: Improper Authentication" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/poljar/matrix-nio/security/advisories/GHSA-w4pr-4vjg-hffh", "refsource": "CONFIRM", "url": "https://github.com/poljar/matrix-nio/security/advisories/GHSA-w4pr-4vjg-hffh" }, { "name": "https://github.com/poljar/matrix-nio/commit/b1cbf234a831daa160673defd596e6450e9c29f0", "refsource": "MISC", "url": "https://github.com/poljar/matrix-nio/commit/b1cbf234a831daa160673defd596e6450e9c29f0" } ] }, "source": { "advisory": "GHSA-w4pr-4vjg-hffh", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-39254", "datePublished": "2022-09-29T14:35:10.000Z", "dateReserved": "2022-09-02T00:00:00.000Z", "dateUpdated": "2025-04-23T16:53:59.840Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-39255 (GCVE-0-2022-39255)
Vulnerability from cvelistv5
Published
2022-09-28 20:35
Modified
2025-04-23 16:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can allow, for example, to inject the key backup secret during a self-verification, to make a targeted device start using a malicious key backup spoofed by the homeserver. These attacks are possible due to a protocol confusion vulnerability that accepts to-device messages encrypted with Megolm instead of Olm. matrix-ios-sdk version 0.23.19 has been modified to only accept Olm-encrypted to-device messages. Out of caution, several other checks have been audited or added. This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround. To avoid malicious backup attacks, one should not verify one's new logins using emoji/QR verifications methods until patched.
References
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
matrix-org | matrix-ios-sdk |
Version: < 0.23.19 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:00:43.331Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/matrix-org/matrix-ios-sdk/security/advisories/GHSA-hw6g-j8v6-9hcm" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/matrix-org/matrix-ios-sdk/commit/5ca86c328a5faaab429c240551cb9ca8f0f6262c" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/matrix-org/matrix-ios-sdk/releases/tag/v0.23.19" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-39255", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-23T15:50:43.338509Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-23T16:54:34.263Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "matrix-ios-sdk", "vendor": "matrix-org", "versions": [ { "status": "affected", "version": "\u003c 0.23.19" } ] } ], "descriptions": [ { "lang": "en", "value": "Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can allow, for example, to inject the key backup secret during a self-verification, to make a targeted device start using a malicious key backup spoofed by the homeserver. These attacks are possible due to a protocol confusion vulnerability that accepts to-device messages encrypted with Megolm instead of Olm. matrix-ios-sdk version 0.23.19 has been modified to only accept Olm-encrypted to-device messages. Out of caution, several other checks have been audited or added. This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround. To avoid malicious backup attacks, one should not verify one\u0027s new logins using emoji/QR verifications methods until patched." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-322", "description": "CWE-322: Key Exchange without Entity Authentication", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287: Improper Authentication", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-28T20:35:10.000Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/matrix-org/matrix-ios-sdk/security/advisories/GHSA-hw6g-j8v6-9hcm" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/matrix-org/matrix-ios-sdk/commit/5ca86c328a5faaab429c240551cb9ca8f0f6262c" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/matrix-org/matrix-ios-sdk/releases/tag/v0.23.19" } ], "source": { "advisory": "GHSA-hw6g-j8v6-9hcm", "discovery": "UNKNOWN" }, "title": "Matrix iOS SDK vulnerable ton Olm/Megolm protocol confusion", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-39255", "STATE": "PUBLIC", "TITLE": "Matrix iOS SDK vulnerable ton Olm/Megolm protocol confusion" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "matrix-ios-sdk", "version": { "version_data": [ { "version_value": "\u003c 0.23.19" } ] } } ] }, "vendor_name": "matrix-org" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can allow, for example, to inject the key backup secret during a self-verification, to make a targeted device start using a malicious key backup spoofed by the homeserver. These attacks are possible due to a protocol confusion vulnerability that accepts to-device messages encrypted with Megolm instead of Olm. matrix-ios-sdk version 0.23.19 has been modified to only accept Olm-encrypted to-device messages. Out of caution, several other checks have been audited or added. This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround. To avoid malicious backup attacks, one should not verify one\u0027s new logins using emoji/QR verifications methods until patched." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-322: Key Exchange without Entity Authentication" } ] }, { "description": [ { "lang": "eng", "value": "CWE-287: Improper Authentication" } ] } ] }, "references": { "reference_data": [ { "name": "https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients", "refsource": "MISC", "url": "https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients" }, { "name": "https://github.com/matrix-org/matrix-ios-sdk/security/advisories/GHSA-hw6g-j8v6-9hcm", "refsource": "CONFIRM", "url": "https://github.com/matrix-org/matrix-ios-sdk/security/advisories/GHSA-hw6g-j8v6-9hcm" }, { "name": "https://github.com/matrix-org/matrix-ios-sdk/commit/5ca86c328a5faaab429c240551cb9ca8f0f6262c", "refsource": "MISC", "url": "https://github.com/matrix-org/matrix-ios-sdk/commit/5ca86c328a5faaab429c240551cb9ca8f0f6262c" }, { "name": "https://github.com/matrix-org/matrix-ios-sdk/releases/tag/v0.23.19", "refsource": "MISC", "url": "https://github.com/matrix-org/matrix-ios-sdk/releases/tag/v0.23.19" } ] }, "source": { "advisory": "GHSA-hw6g-j8v6-9hcm", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-39255", "datePublished": "2022-09-28T20:35:10.000Z", "dateReserved": "2022-09-02T00:00:00.000Z", "dateUpdated": "2025-04-23T16:54:34.263Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-39257 (GCVE-0-2022-39257)
Vulnerability from cvelistv5
Published
2022-09-28 20:55
Modified
2025-04-23 16:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-ios-sdk implementing a too permissive key forwarding strategy. The default policy for accepting key forwards has been made more strict in the matrix-ios-sdk version 0.23.19. matrix-ios-sdk will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately (for example, by showing a warning for such messages). This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround.
References
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
matrix-org | matrix-ios-sdk |
Version: < 0.23.19 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:00:43.591Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/matrix-org/matrix-ios-sdk/commit/5ca86c328a5faaab429c240551cb9ca8f0f6262c" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/matrix-org/matrix-ios-sdk/releases/tag/v0.23.19" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/matrix-org/matrix-ios-sdk/security/advisories/GHSA-qxr3-5jmq-xcf4" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-39257", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-23T15:50:39.526542Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-23T16:54:28.718Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "matrix-ios-sdk", "vendor": "matrix-org", "versions": [ { "status": "affected", "version": "\u003c 0.23.19" } ] } ], "descriptions": [ { "lang": "en", "value": "Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-ios-sdk implementing a too permissive key forwarding strategy. The default policy for accepting key forwards has been made more strict in the matrix-ios-sdk version 0.23.19. matrix-ios-sdk will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately (for example, by showing a warning for such messages). This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-322", "description": "CWE-322: Key Exchange without Entity Authentication", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287: Improper Authentication", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-28T20:55:10.000Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/matrix-org/matrix-ios-sdk/commit/5ca86c328a5faaab429c240551cb9ca8f0f6262c" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/matrix-org/matrix-ios-sdk/releases/tag/v0.23.19" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/matrix-org/matrix-ios-sdk/security/advisories/GHSA-qxr3-5jmq-xcf4" } ], "source": { "advisory": "GHSA-qxr3-5jmq-xcf4", "discovery": "UNKNOWN" }, "title": "Matrix iOS SDK vulnerable to impersonation via forwarded Megolm sessions", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-39257", "STATE": "PUBLIC", "TITLE": "Matrix iOS SDK vulnerable to impersonation via forwarded Megolm sessions" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "matrix-ios-sdk", "version": { "version_data": [ { "version_value": "\u003c 0.23.19" } ] } } ] }, "vendor_name": "matrix-org" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-ios-sdk implementing a too permissive key forwarding strategy. The default policy for accepting key forwards has been made more strict in the matrix-ios-sdk version 0.23.19. matrix-ios-sdk will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately (for example, by showing a warning for such messages). This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-322: Key Exchange without Entity Authentication" } ] }, { "description": [ { "lang": "eng", "value": "CWE-287: Improper Authentication" } ] } ] }, "references": { "reference_data": [ { "name": "https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients", "refsource": "MISC", "url": "https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients" }, { "name": "https://github.com/matrix-org/matrix-ios-sdk/commit/5ca86c328a5faaab429c240551cb9ca8f0f6262c", "refsource": "MISC", "url": "https://github.com/matrix-org/matrix-ios-sdk/commit/5ca86c328a5faaab429c240551cb9ca8f0f6262c" }, { "name": "https://github.com/matrix-org/matrix-ios-sdk/releases/tag/v0.23.19", "refsource": "MISC", "url": "https://github.com/matrix-org/matrix-ios-sdk/releases/tag/v0.23.19" }, { "name": "https://github.com/matrix-org/matrix-ios-sdk/security/advisories/GHSA-qxr3-5jmq-xcf4", "refsource": "CONFIRM", "url": "https://github.com/matrix-org/matrix-ios-sdk/security/advisories/GHSA-qxr3-5jmq-xcf4" } ] }, "source": { "advisory": "GHSA-qxr3-5jmq-xcf4", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-39257", "datePublished": "2022-09-28T20:55:10.000Z", "dateReserved": "2022-09-02T00:00:00.000Z", "dateUpdated": "2025-04-23T16:54:28.718Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Mitigation
Phase: Architecture and Design
Description:
- Ensure that proper authentication is included in the system design.
Mitigation
Phase: Implementation
Description:
- Understand and properly implement all checks necessary to ensure the identity of entities involved in encrypted communications.
No CAPEC attack patterns related to this CWE.