CVE & CISA-KEV Catalog

CVE-2022-39249

HIGH
7.5
CVSS v3
NVD

Description

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-js-sdk implementing a too permissive key forwarding strategy on the receiving end. Starting with version 19.7.0, the default policy for accepting key forwards has been made more strict in the matrix-js-sdk. matrix-js-sdk will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately, for example, by showing a warning for such messages. This attack requires coordination between a malicious homeserver and an attacker, and those who trust your homeservers do not need a workaround.

How to fix

Remediation Available
thunderbirdUbuntu
Fixed in:1:102.4.2+build2-0ubuntu0.18.04.1USN-5724-1
Fixed in:1:102.4.2+build2-0ubuntu0.20.04.1USN-5724-1
Fixed in:1:102.4.2+build2-0ubuntu0.22.04.1USN-5724-1
Fixed in:1:102.4.2+build2-0ubuntu0.22.10.1USN-5724-1

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityHigh
AvailabilityNone

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploit Intelligence

0.94%probability of exploitation in 30 days
56thpercentile

Moderate risk: more likely to be exploited than 56% of all known CVEs.

References

Embed a live status badge for CVE-2022-39249
CVE-2022-39249 severity badge

Markdown

[![CVE-2022-39249](https://tridentstack.com/cve/badge/CVE-2022-39249.svg)](https://tridentstack.com/cve/CVE-2022-39249)

HTML

<a href="https://tridentstack.com/cve/CVE-2022-39249"><img src="https://tridentstack.com/cve/badge/CVE-2022-39249.svg" alt="CVE-2022-39249"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.