Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
rustsecRustsecRUSTSEC-2022-0085
HistorySep 29, 2022 - 12:00 p.m.

matrix-sdk Impersonation of room keys

2022-09-2912:00:00
rustsec.org
7
software
impersonation attack
room keys

0.001 Low

EPSS

Percentile

37.8%

JSON

When the user receives a forwarded room key, the software accepts it without
checking who the room key came from. This allows homeservers to try to insert
room keys of questionable validity, potentially mounting an impersonation attack.

CPENameOperatorVersion
matrix-sdk-cryptolt0.6.0

Related

nvd 1
osv 3
cvelist 1
github 1
cve 1
prion 1
nvd
nvd
CVE-2022-39252
2022-09-29 15:15:10
osv
osv
CVE-2022-39252
2022-09-29 15:15:10
matrix-sdk Impersonation of room keys
2022-09-29 12:00:00
matrix-sdk-crypto contains potential impersonation via room key forward responses
2022-09-30 22:51:57
cvelist
cvelist
CVE-2022-39252 When matrix-rust-sdk recieves forwarded room keys, the reciever doesn't check if it requested the key from the forwarder
2022-09-29 14:15:14
github
github
matrix-sdk-crypto contains potential impersonation via room key forward responses
2022-09-30 22:51:57
cve
cve
CVE-2022-39252
2022-09-29 15:15:10
prion
prion
Code injection
2022-09-29 15:15:00

0.001 Low

EPSS

Percentile

37.8%

JSON
Related for RUSTSEC-2022-0085
nvd1osv3cvelist1github1cve1prion1