Lucene search
Veracode Vulnerability DatabaseVERACODE:37329HistorySep 29, 2022 - 6:47 a.m.
Spoofing Attack
2022-09-2906:47:20
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
spoofing attack
software vulnerability
self-verification
fake messages
0.001 Low
EPSS
Percentile
45.5%
matrix-js-sdk is vulnerable to spoofing attacks. The vulnerability exists due to a lack of sanitization of the secret key sent during self-verification, allowing an attacker to send fake to-device messages appearing to originate from another user.
References
github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76
github.com/matrix-org/matrix-js-sdk/releases/tag/v19.7.0
github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-r48r-j8fx-mq2c
matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients
security.gentoo.org/glsa/202210-35
Related
ubuntucve
ubuntucve
CVE-2022-39251
2022-09-28 00:00:00
cvelist
cvelist
prion
prion
Type confusion
2022-09-28 20:15:00
redhatcve
redhatcve
CVE-2022-39251
2022-10-17 14:19:04
nvd
nvd
CVE-2022-39251
2022-09-28 20:15:16
osv
osv
CVE-2022-39251
2022-09-28 20:15:16
matrix-js-sdk subject to user spoofing via Olm/Megolm protocol confusion
2022-09-30 00:41:24
Important: thunderbird security update
2022-10-25 00:00:00
alpinelinux
alpinelinux
CVE-2022-39251
2022-09-28 20:15:16
debiancve
debiancve
CVE-2022-39251
2022-09-28 20:15:16
cve
cve
CVE-2022-39251
2022-09-28 20:15:16
github
github
matrix-js-sdk subject to user spoofing via Olm/Megolm protocol confusion
2022-09-30 00:41:24
mozilla
mozilla
Security Vulnerabilities fixed in Thunderbird 102.3.1 — Mozilla
2022-09-28 00:00:00
mageia
mageia
Updated thunderbird packages fix security vulnerability
2022-10-01 20:48:24
nessus
nessus
Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2022-273-01)
2022-09-30 00:00:00
Mozilla Thunderbird < 102.3.1
2022-09-29 00:00:00
Fedora 35 : thunderbird (2022-1454bee2fa)
2022-12-22 00:00:00
freebsd
freebsd
Matrix clients -- several vulnerabilities
2022-09-23 00:00:00
kaspersky
kaspersky
KLA19266 Multiple vulnerabilities in Mozilla Thunderbird
2022-09-28 00:00:00
slackware
slackware
[slackware-security] mozilla-thunderbird
2022-09-30 18:00:22
openvas
openvas
Mozilla Thunderbird Security Advisory (MFSA2022-43) - Mac OS X
2022-09-30 00:00:00
Mageia: Security Advisory (MGASA-2022-0355)
2022-10-03 00:00:00
Mozilla Thunderbird Security Advisory (MFSA2022-43) - Windows
2022-09-30 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package thunderbird version 102.3.1-alt1
2022-10-10 00:00:00
gentoo
gentoo
Mozilla Thunderbird: Multiple Vulnerabilities
2022-10-31 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2022-10-27 00:00:00
thunderbird security update
2022-10-27 00:00:00
thunderbird security update
2022-10-27 00:00:00
redhat
redhat
(RHSA-2022:7183) Important: thunderbird security update
2022-10-25 14:13:27
(RHSA-2022:7178) Important: thunderbird security update
2022-10-25 13:48:26
(RHSA-2022:7184) Important: thunderbird security update
2022-10-25 14:16:46
almalinux
almalinux
Important: thunderbird security update
2022-10-25 00:00:00
Important: thunderbird security update
2022-10-25 00:00:00
rocky
rocky
thunderbird security update
2022-10-25 14:29:50
suse
suse
Security update for MozillaThunderbird (important)
2022-10-27 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2022-11-11 00:00:00
amazon
amazon
Important: thunderbird
2022-12-01 20:32:00
Important: thunderbird
2022-12-01 20:32:00