CVE-2024-40648

`UserIdentity::is_verified` not checking verification status of own user identity while performing the check in matrix-rust-sdk

Severity Score

5.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. The `UserIdentity::is_verified()` method in the matrix-sdk-crypto crate before version 0.7.2 doesn't take into account the verification status of the user's own identity while performing the check and may as a result return a value contrary to what is implied by its name and documentation. If the method is used to decide whether to perform sensitive operations towards a user identity, a malicious homeserver could manipulate the outcome in order to make the identity appear trusted. This is not a typical usage of the method, which lowers the impact. The method itself is not used inside the `matrix-sdk-crypto` crate. The 0.7.2 release of the `matrix-sdk-crypto` crate includes a fix. All users are advised to upgrade. There are no known workarounds for this vulnerability.

Matrix-rust-sdk es una implementación de una librería cliente-servidor Matrix en Rust. El método `UserIdentity::is_verified()` en la caja Matrix-sdk-crypto anterior a la versión 0.7.2 no tiene en cuenta el estado de verificación de la propia identidad del usuario al realizar la verificación y, como resultado, puede devolver un valor contrario. a lo que implica su nombre y documentación. Si el método se utiliza para decidir si se realizan operaciones confidenciales con respecto a la identidad de un usuario, un servidor doméstico malicioso podría manipular el resultado para que la identidad parezca confiable. Este no es un uso típico del método, lo que reduce el impacto. El método en sí no se utiliza dentro de la caja `matrix-sdk-crypto`. La versión 0.7.2 de la caja `matrix-sdk-crypto` incluye una solución. Se recomienda a todos los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad.

*Credits: N/A

CVSS Scores

GitHubv3.1 5.4

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-07-08 CVE Reserved
2024-07-18 CVE Published
2024-07-19 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-287: Improper Authentication

CAPEC

References (2)

URL	Tag	Source
https://github.com/matrix-org/matrix-rust-sdk/commit/76a7052149bb8f722df12da915b3a06d19a6695a	X_refsource_misc
https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-4qg4-cvh2-crgg	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Matrix-org Search vendor "Matrix-org"		Matrix-rust-sdk Search vendor "Matrix-org" for product "Matrix-rust-sdk"				< 0.7.2 Search vendor "Matrix-org" for product "Matrix-rust-sdk" and version " < 0.7.2"		en		Affected