CVE-2022-39252
MEDIUM6.5EPSS 0.16%matrix-sdk Impersonation of room keys
發布日:2022/9/30修改日:2023/11/8
描述
When the user receives a forwarded room key, the software accepts it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack.
受影響套件(2)
- crates.io/matrix-sdk-cryptofrom 0, < 0.6.0
- crates.io/matrix-sdk-crypto>= 0.0.0-0, < 0.6.0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
參考連結(8)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-39252
- PATCHhttps://crates.io/crates/matrix-sdk-crypto
- PATCHhttps://github.com/matrix-org/matrix-rust-sdk
- WEBhttps://github.com/matrix-org/matrix-rust-sdk/commit/093fb5d0aa21c0b5eaea6ec96b477f1075271cbb
- WEBhttps://github.com/matrix-org/matrix-rust-sdk/commit/41449d2cc360e347f5d4e1c154ec1e3185f11acd
- WEBhttps://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-0.6.0
- WEBhttps://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-vp68-2wrm-69qm
- WEBhttps://rustsec.org/advisories/RUSTSEC-2022-0085.html