Vulnerability Details : CVE-2022-39252
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room key, the software accepts it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack. Version 0.6 fixes this issue.
Vulnerability category: BypassGain privilege
Products affected by CVE-2022-39252
- cpe:2.3:a:matrix:matrix-rust-sdk:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-39252
0.09%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 37 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-39252
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
3.9
|
3.6
|
NIST | |
8.6
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N |
3.9
|
4.0
|
GitHub, Inc. |
CWE ids for CVE-2022-39252
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: security-advisories@github.com (Primary)
-
The product performs a key exchange with an actor without verifying the identity of that actor.Assigned by: security-advisories@github.com (Primary)
References for CVE-2022-39252
-
https://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-0.6.0
Release 2022-09-28 - Matrix SDK 0.6.0 · matrix-org/matrix-rust-sdk · GitHubRelease Notes;Third Party Advisory
-
https://github.com/matrix-org/matrix-rust-sdk/commit/41449d2cc360e347f5d4e1c154ec1e3185f11acd
test(crypto): Test that we reject forwarded room keys from other users · matrix-org/matrix-rust-sdk@41449d2 · GitHubPatch;Third Party Advisory
-
https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-vp68-2wrm-69qm
When receiving forwarded room keys, we don't check that the forwarder device matches the device we requested from · Advisory · matrix-org/matrix-rust-sdk · GitHubThird Party Advisory
-
https://github.com/matrix-org/matrix-rust-sdk/commit/093fb5d0aa21c0b5eaea6ec96b477f1075271cbb
fix(crypto): Only accept forwarded room keys from our own trusted dev… · matrix-org/matrix-rust-sdk@093fb5d · GitHubPatch;Third Party Advisory
Jump to