CVE-2024-40648 – `UserIdentity::is_verified` not checking verification status of own user identity while performing the check in matrix-rust-sdk
https://notcve.org/view.php?id=CVE-2024-40648
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. The `UserIdentity::is_verified()` method in the matrix-sdk-crypto crate before version 0.7.2 doesn't take into account the verification status of the user's own identity while performing the check and may as a result return a value contrary to what is implied by its name and documentation. If the method is used to decide whether to perform sensitive operations towards a user identity, a malicious homeserver could manipulate the outcome in order to make the identity appear trusted. This is not a typical usage of the method, which lowers the impact. The method itself is not used inside the `matrix-sdk-crypto` crate.
• https://github.com/matrix-org/matrix-rust-sdk/commit/76a7052149bb8f722df12da915b3a06d19a6695a
• https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-4qg4-cvh2-crgg
• CWE-287: Improper Authentication
CVE-2022-39252 – When matrix-rust-sdk receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder
https://notcve.org/view.php?id=CVE-2022-39252
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room key, the software accepts it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack. Version 0.6 fixes this issue.
• https://github.com/matrix-org/matrix-rust-sdk/commit/093fb5d0aa21c0b5eaea6ec96b477f1075271cbb
• https://github.com/matrix-org/matrix-rust-sdk/commit/41449d2cc360e347f5d4e1c154ec1e3185f11acd
• https://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-0.6.0
• https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-vp68-2wrm-69qm
• CWE-287: Improper Authentication
• CWE-322: Key Exchange without Entity Authentication