Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2022-39249

Improper Authentication

Published: Sep 28, 2022 | Modified: Dec 08, 2022
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
7.5 IMPORTANT
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Ubuntu
MEDIUM
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2022-39249
CWEhttps://cwe.mitre.org/data/definitions/287.html

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-js-sdk implementing a too permissive key forwarding strategy on the receiving end. Starting with version 19.7.0, the default policy for accepting key forwards has been made more strict in the matrix-js-sdk. matrix-js-sdk will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a trusted flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with trusted = false are decorated appropriately, for example, by showing a warning for such messages. This attack requires coordination between a malicious homeserver and an attacker, and those who trust your homeservers do not need a workaround.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Javascript_sdk Matrix * 19.7.0 (excluding)
Red Hat Enterprise Linux 7 RedHat thunderbird-0:102.4.0-1.el7_9 *
Red Hat Enterprise Linux 8 RedHat thunderbird-0:102.4.0-1.el8_6 *
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions RedHat thunderbird-0:102.4.0-1.el8_1 *
Red Hat Enterprise Linux 8.2 Extended Update Support RedHat thunderbird-0:102.4.0-1.el8_2 *
Red Hat Enterprise Linux 8.4 Extended Update Support RedHat thunderbird-0:102.4.0-1.el8_4 *
Red Hat Enterprise Linux 9 RedHat thunderbird-0:102.4.0-1.el9_0 *
Node-matrix-js-sdk Ubuntu kinetic *
Node-matrix-js-sdk Ubuntu lunar *
Node-matrix-js-sdk Ubuntu mantic *
Node-matrix-js-sdk Ubuntu trusty *
Node-matrix-js-sdk Ubuntu xenial *
Thunderbird Ubuntu bionic *
Thunderbird Ubuntu focal *
Thunderbird Ubuntu jammy *
Thunderbird Ubuntu kinetic *
Thunderbird Ubuntu trusty *
Thunderbird Ubuntu xenial *

Potential Mitigations

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use