matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. An attacker present in a room where an MSC3401 group call is taking place can eavesdrop on the video and audio of participants using matrix-js-sdk, without their knowledge. To affected matrix-js-sdk users, the attacker will not appear to be participating in the call. This attack is possible because matrix-js-sdks group call implementation accepts incoming direct calls from other users, even if they have not yet declared intent to participate in the group call, as a means of resolving a race condition in call setup. Affected versions do not restrict access to the users outbound media in this case. Legacy 1:1 calls are unaffected. This is fixed in matrix-js-sdk 24.1.0. As a workaround, users may hold group calls in private rooms where only the exact users who are expected to participate in the call are present.
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Javascript_sdk | Matrix | * | 24.1.0 (excluding) |
Node-matrix-js-sdk | Ubuntu | kinetic | * |
Node-matrix-js-sdk | Ubuntu | lunar | * |
Node-matrix-js-sdk | Ubuntu | mantic | * |
Node-matrix-js-sdk | Ubuntu | trusty | * |
Node-matrix-js-sdk | Ubuntu | xenial | * |
Assuming a user with a given identity, authorization is the process of determining whether that user can access a given resource, based on the user’s privileges and any permissions or other access-control specifications that apply to the resource. When access control checks are not applied, users are able to access data or perform actions that they should not be allowed to perform. This can lead to a wide range of problems, including information exposures, denial of service, and arbitrary code execution.