RUSTSEC-2022-0085

Source
https://rustsec.org/advisories/RUSTSEC-2022-0085
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2022-0085.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2022-0085
Aliases
Published
2022-09-29T12:00:00Z
Modified
2023-11-08T04:10:16.760388Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
matrix-sdk Impersonation of room keys
Details

When the user receives a forwarded room key, the software accepts it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack.

Database specific
{
    "license": "CC0-1.0"
}
References

Affected packages

crates.io / matrix-sdk-crypto

Package

Name
matrix-sdk-crypto
Purl
pkg:cargo/matrix-sdk-crypto

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0
Fixed
0.6.0

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
    "informational": null,
    "categories": []
}