Insufficient verification of data authenticity in Matrix Javascript SDK - CVE-2022-39250
Published: September 29, 2022
Vulnerability identifier: #VU67745
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-39250
CWE-ID: CWE-345
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Matrix.org
Affected software:
Matrix Javascript SDK
Matrix Javascript SDK
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass SAS verification.
The vulnerability exists due to checking and signing user identities and devices in two separate steps, and inadequately fixing the keys to be signed between these steps. A remote attacker cooperating with a malicious home server can interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one of the users’ identities, leading to the other device trusting/verifying the user identity under the control of the home server instead of the intended one.
How to mitigate CVE-2022-39250
Install updates from vendor's website.