CVE Vulnerabilities

CVE-2022-39249

Improper Authentication

Published: Sep 28, 2022 | Modified: Dec 08, 2022
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
7.5 IMPORTANT
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Ubuntu
MEDIUM

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-js-sdk implementing a too permissive key forwarding strategy on the receiving end. Starting with version 19.7.0, the default policy for accepting key forwards has been made more strict in the matrix-js-sdk. matrix-js-sdk will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a trusted flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with trusted = false are decorated appropriately, for example, by showing a warning for such messages. This attack requires coordination between a malicious homeserver and an attacker, and those who trust your homeservers do not need a workaround.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Javascript_sdk Matrix * 19.7.0 (excluding)
Red Hat Enterprise Linux 7 RedHat thunderbird-0:102.4.0-1.el7_9 *
Red Hat Enterprise Linux 8 RedHat thunderbird-0:102.4.0-1.el8_6 *
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions RedHat thunderbird-0:102.4.0-1.el8_1 *
Red Hat Enterprise Linux 8.2 Extended Update Support RedHat thunderbird-0:102.4.0-1.el8_2 *
Red Hat Enterprise Linux 8.4 Extended Update Support RedHat thunderbird-0:102.4.0-1.el8_4 *
Red Hat Enterprise Linux 9 RedHat thunderbird-0:102.4.0-1.el9_0 *
Node-matrix-js-sdk Ubuntu kinetic *
Node-matrix-js-sdk Ubuntu lunar *
Node-matrix-js-sdk Ubuntu mantic *
Node-matrix-js-sdk Ubuntu trusty *
Node-matrix-js-sdk Ubuntu xenial *
Thunderbird Ubuntu bionic *
Thunderbird Ubuntu focal *
Thunderbird Ubuntu jammy *
Thunderbird Ubuntu kinetic *
Thunderbird Ubuntu trusty *
Thunderbird Ubuntu xenial *

Potential Mitigations

References