CVE-2024-47080: Sensitive Information Exposure in Matrix-js-sdk

Severity: 8.7 HIGH (NVD)
EPSS: 0.6% (top 31.07%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 15

Description

matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. In matrix-js-sdk versions 9.11.0 through 34.7.0, the method `MatrixClient.sendSharedHistoryKeys` is vulnerable to interception by malicious homeservers. The method was introduced by MSC3061 and is commonly used to share historical message keys with newly invited users, granting them access to past messages in the room. However, it unconditionally sends these "shared" keys to all of the invited user's devices,

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages (3 packages)

npm | matrix-org/matrix-js-sdk | 9.11.0 | 34.8.0
CVEListV5 | matrix-org/matrix-js-sdk | >= 9.11.0, < 34.8.0

🔴 Vulnerability Details (6)

OSV: Malicious homeservers can steal message keys when the matrix-react-sdk user invites another user to a room (2024-10-15)
GHSA: Malicious homeservers can steal message keys when the matrix-react-sdk user invites another user to a room (2024-10-15)
CVEList: matrix-js-sdk keys sent via `sendSharedHistoryKeys` vulnerable to interception by malicious homeserver (2024-10-15)
OSV: CVE-2024-47080: matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript (2024-10-15)
OSV: Matrix JavaScript SDK's key history sharing could share keys to malicious devices (2024-10-15)

📋 Vendor Advisories (1)

Debian: CVE-2024-47080: node-matrix-js-sdk - matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. In ... (2024)
CVE-2024-47080 — Sensitive Information Exposure | cvebase