CVE-2022-39252

When matrix-rust-sdk recieves forwarded room keys, the reciever doesn't check if it requested the key from the forwarder

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room key, the software accepts it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack. Version 0.6 fixes this issue.

matrix-rust-sdk es una implementación de una biblioteca cliente-servidor de Matrix en Rust, y matrix-sdk-crypto es la biblioteca de cifrado de Matrix. En versiones anteriores a 0.6, cuando un usuario solicita una clave de habitación de sus dispositivos, el software recuerda correctamente la petición. Cuando el usuario recibe una clave de habitación reenviada, el software la acepta sin comprobar de quién procede la clave de habitación. Esto permite que los servidores domésticos intenten insertar llaves de habitación de dudosa validez, montando potencialmente un ataque de suplantación de identidad. La versión 0.6 corrige este problema

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

High

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-09-02 CVE Reserved
2022-09-29 CVE Published
2024-04-21 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-287: Improper Authentication
CWE-322: Key Exchange without Entity Authentication

CAPEC

References (4)

URL	Tag	Source
https://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-0.6.0	Release Notes
https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-vp68-2wrm-69qm	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://github.com/matrix-org/matrix-rust-sdk/commit/093fb5d0aa21c0b5eaea6ec96b477f1075271cbb	2022-10-03
https://github.com/matrix-org/matrix-rust-sdk/commit/41449d2cc360e347f5d4e1c154ec1e3185f11acd	2022-10-03

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Matrix Search vendor "Matrix"		Matrix-rust-sdk Search vendor "Matrix" for product "Matrix-rust-sdk"				< 0.6 Search vendor "Matrix" for product "Matrix-rust-sdk" and version " < 0.6"		-		Affected