| Vulnerability Name: | CVE-2022-39249 (CCN-237471) | ||||||||||||||||||
| Assigned: | 2022-09-28 | ||||||||||||||||||
| Published: | 2022-09-28 | ||||||||||||||||||
| Updated: | 2022-12-08 | ||||||||||||||||||
| Summary: | Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-js-sdk implementing a too permissive key forwarding strategy on the receiving end. Starting with version 19.7.0, the default policy for accepting key forwards has been made more strict in the matrix-js-sdk. matrix-js-sdk will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately, for example, by showing a warning for such messages. This attack requires coordination between a malicious homeserver and an attacker, and those who trust your homeservers do not need a workaround. | ||||||||||||||||||
| CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
6.5 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
| ||||||||||||||||||
| CVSS v2 Severity: | 7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N)
| ||||||||||||||||||
| Vulnerability Type: | CWE-322) | ||||||||||||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2022-39249 Source: XF Type: UNKNOWN matrixjssdk-cve202239249-sec-bypass(237471) Source: security-advisories@github.com Type: Patch, Third Party Advisory security-advisories@github.com Source: security-advisories@github.com Type: Release Notes, Third Party Advisory security-advisories@github.com Source: CCN Type: Matrix Javascript SDK GIT Repository Impersonation via forwarded Megolm sessions Source: security-advisories@github.com Type: Third Party Advisory security-advisories@github.com Source: security-advisories@github.com Type: Patch, Third Party Advisory security-advisories@github.com Source: security-advisories@github.com Type: Vendor Advisory security-advisories@github.com Source: security-advisories@github.com Type: Third Party Advisory security-advisories@github.com Source: CCN Type: SNYK-JS-MATRIXJSSDK-3035765 Key Exchange without Entity Authentication | ||||||||||||||||||
| Vulnerable Configuration: | Configuration RedHat 1: Denotes that component is vulnerable | ||||||||||||||||||
| Oval Definitions | |||||||||||||||||||
| |||||||||||||||||||
| BACK | |||||||||||||||||||