
CVE-2024-50485 – WordPress Exam Matrix plugin <= 1.5 - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-50485
25 Oct 2024 — Incorrect Privilege Assignment vulnerability in Udit Rawat Exam Matrix allows Privilege Escalation. This issue affects Exam Matrix: from n/a through 1.5. The Exam Matrix plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5. This is due to the plugin not properly restricting functional... • https://github.com/RandomRobbieBF/CVE-2024-50485 • CWE-266: Incorrect Privilege Assignment •

CVE-2024-47824 – Malicious homeservers can steal message keys when the matrix-react-sdk user invites another user to a room
https://notcve.org/view.php?id=CVE-2024-47824
15 Oct 2024 — matrix-react-sdk is a React-based software development kit for inserting a Matrix chat/VOIP client into a web page. Starting in version 3.18.0 and before 3.102.0, matrix-react-sdk allows a malicious homeserver to potentially steal message keys for a room when a user invites another user to that room, via injection of a malicious device controlled by the homeserver. This is possible because matrix-react-sdk before 3.102.0 shared historical message keys on invite. Version 3.102.0 fixes this issue by disabling s... • https://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-qcvh-p9jq-wp8v • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2024-47080 – matrix-js-sdk keys sent via `sendSharedHistoryKeys` vulnerable to interception by malicious homeserver
https://notcve.org/view.php?id=CVE-2024-47080
15 Oct 2024 — matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. In matrix-js-sdk versions 9.11.0 through 34.7.0, the method `MatrixClient.sendSharedHistoryKeys` is vulnerable to interception by malicious homeservers. The method was introduced by MSC3061 and is commonly used to share historical message keys with newly invited users, granting them access to past messages in the room. However, it unconditionally sends these "shared" keys to all of the invited user's devices, regardless o... • https://github.com/matrix-org/matrix-js-sdk/commit/2fb1e659c81f75253c047832dc9dcc2beddfac5f • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-287: Improper Authentication •

CVE-2024-45191
https://notcve.org/view.php?id=CVE-2024-45191
22 Aug 2024 — An issue was discovered in Matrix libolm (aka Olm) through 3.2.16. The AES implementation is vulnerable to cache-timing attacks due to use of S-boxes. This is related to software that uses a lookup table for the SubWord step. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. • https://gitlab.matrix.org/matrix-org/olm • CWE-208: Observable Timing Discrepancy •

CVE-2024-45192
https://notcve.org/view.php?id=CVE-2024-45192
22 Aug 2024 — An issue was discovered in Matrix libolm (aka Olm) through 3.2.16. Cache-timing attacks can occur due to use of base64 when decoding group session keys. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. • https://gitlab.matrix.org/matrix-org/olm • CWE-385: Covert Timing Channel •

CVE-2024-45193
https://notcve.org/view.php?id=CVE-2024-45193
22 Aug 2024 — An issue was discovered in Matrix libolm (aka Olm) through 3.2.16. There is Ed25519 signature malleability due to lack of validation criteria (does not ensure that S < n). NOTE: This vulnerability only affects products that are no longer supported by the maintainer. • https://gitlab.matrix.org/matrix-org/olm • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVE-2024-42369 – A room with itself as its predecessor will freeze matrix-js-sdk
https://notcve.org/view.php?id=CVE-2024-42369
20 Aug 2024 — matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This method is public but also called by the 'leaveRoomChain()' method, so leaving a room will also trigger the bug. This was patched in matrix-js-sdk 34.3.1. • https://github.com/matrix-org/matrix-js-sdk/commit/a0efed8b881b3db6c9f2c71d6a6e74c2828978c6 • CWE-674: Uncontrolled Recursion •

CVE-2024-42347 – URL preview setting for a room is controllable by the homeserver in matrix-react-sdk
https://notcve.org/view.php?id=CVE-2024-42347
06 Aug 2024 — matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the server. This was patched in matrix-react-sdk 3.105.0. Deployments that trust their homeservers, as well as closed federations of trusted servers, are not affected. Users are advised to upgrade. • https://github.com/matrix-org/matrix-react-sdk/releases/tag/v3.105.1 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •

CVE-2024-38432 – Matrix – Tafnit v8 CWE-646: Reliance on File Name or Extension of Externally-Supplied File
https://notcve.org/view.php?id=CVE-2024-38432
30 Jul 2024 — Matrix Tafnit v8 - CWE-646: Reliance on File Name or Extension of Externally-Supplied File • https://www.gov.il/en/Departments/faq/cve_advisories • CWE-646: Reliance on File Name or Extension of Externally-Supplied File •

CVE-2024-38431 – Matrix Tafnit v8 - CWE-204: Observable Response Discrepancy
https://notcve.org/view.php?id=CVE-2024-38431
30 Jul 2024 — Matrix Tafnit v8 - CWE-204: Observable Response Discrepancy • https://www.gov.il/en/Departments/faq/cve_advisories • CWE-204: Observable Response Discrepancy •