CVE-2022-39249
Summary
| CVE | CVE-2022-39249 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2022-09-28 20:15:00 UTC |
|---|
| Updated | 2022-12-08 03:13:00 UTC |
|---|
| Description | Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-js-sdk implementing a too permissive key forwarding strategy on the receiving end. Starting with version 19.7.0, the default policy for accepting key forwards has been made more strict in the matrix-js-sdk. matrix-js-sdk will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately, for example, by showing a warning for such messages. This attack requires coordination between a malicious homeserver and an attacker, and those who trust your homeservers do not need a workaround. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| MSC3061: Sharing room keys for past messages by uhoreg · Pull Request #3061 · matrix-org/matrix-spec-proposals · GitHub |
MISC |
github.com |
|
| Upgrade now to address E2EE vulnerabilities in matrix-js-sdk, matrix-ios-sdk and matrix-android-sdk2 | Matrix.org |
MISC |
matrix.org |
|
| Mozilla Thunderbird: Multiple Vulnerabilities (GLSA 202210-35) — Gentoo security |
GENTOO |
security.gentoo.org |
|
| Impersonation via forwarded Megolm sessions · Advisory · matrix-org/matrix-js-sdk · GitHub |
CONFIRM |
github.com |
|
| Release v19.7.0 · matrix-org/matrix-js-sdk · GitHub |
MISC |
github.com |
|
| Resolve multiple CVEs · matrix-org/matrix-js-sdk@a587d7c · GitHub |
MISC |
github.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160177 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2022-7184)
- 160181 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2022-7178)
- 160184 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2022-7190)
- 199024 Ubuntu Security Notification for Thunderbird Vulnerabilities (USN-5724-1)
- 240784 Red Hat Update for thunderbird (RHSA-2022:7184)
- 240786 Red Hat Update for thunderbird (RHSA-2022:7190)
- 240787 Red Hat Update for thunderbird (RHSA-2022:7178)
- 240791 Red Hat Update for thunderbird (RHSA-2022:7182)
- 240792 Red Hat Update for thunderbird (RHSA-2022:7181)
- 354131 Amazon Linux Security Advisory for thunderbird : ALAS2-2022-1900
- 377612 Mozilla Thunderbird Multiple Vulnerabilities (MFSA2022-43)
- 502515 Alpine Linux Security Update for riot-web
- 503177 Alpine Linux Security Update for element-web
- 506037 Alpine Linux Security Update for element-web
- 690947 Free Berkeley Software Distribution (FreeBSD) Security Update for matrix clients (cb902a77-3f43-11ed-9402-901b0e9408dc)
- 710676 Gentoo Linux Mozilla Thunderbird Multiple Vulnerabilities (GLSA 202210-35)
- 753237 SUSE Enterprise Linux Security Update for MozillaThunderbird (SUSE-SU-2022:3800-1)
- 940708 AlmaLinux Security Update for thunderbird (ALSA-2022:7190)
- 940711 AlmaLinux Security Update for thunderbird (ALSA-2022:7178)
- 960256 Rocky Linux Security Update for thunderbird (RLSA-2022:7190)
