- Reported
- Issued
- Package: matrix-sdk-crypto (crates.io)
- Type: Vulnerability
- Aliases
- References
- CVSS Score: 7.5 HIGH
- CVSS Details
  - Attack vector: Network
  - Attack complexity: Low
  - Privileges required: None
  - User interaction: None
  - Scope: Unchanged
  - Confidentiality: None
  - Integrity: High
  - Availability: None
- CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
- Patched
Description
When the user receives a forwarded room key, the software accepts it without
checking who the room key came from. This allows homeservers to try to insert
room keys of questionable validity, potentially mounting an impersonation attack.
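The missing sender check, sketched as an added example that is not code from matrix-sdk-crypto or from this advisory. All types and names are hypothetical, and the acceptance policy shown (the key must answer our own request, come from the device we asked, and that device must be verified) is an assumption, not a description of the actual patch.

```rust
use std::collections::{HashMap, HashSet};

// Hypothetical types for illustration; this is not the matrix-sdk-crypto API.
type Device = (String, String); // (user_id, device_id)
type Session = (String, String); // (room_id, session_id)

pub struct ForwardedRoomKey { pub sender: Device, pub session: Session }

#[derive(Debug, PartialEq)]
pub enum Decision { Accept, Unrequested, WrongSender, UnverifiedSender }

#[derive(Default)]
pub struct Store {
    pub verified: HashSet<Device>,           // devices we have verified
    pub requested: HashMap<Session, Device>, // session -> device we asked for it
}

impl Store {
    // Behaviour the advisory describes: the sender is never inspected.
    pub fn accept_unchecked(&self, _key: &ForwardedRoomKey) -> Decision { Decision::Accept }

    // Assumed policy: accept only a key we asked for, from the device we
    // asked, and only if that device is verified.
    pub fn accept_checked(&self, key: &ForwardedRoomKey) -> Decision {
        match self.requested.get(&key.session) {
            None => Decision::Unrequested,
            Some(asked) if *asked != key.sender => Decision::WrongSender,
            Some(_) if !self.verified.contains(&key.sender) => Decision::UnverifiedSender,
            Some(_) => Decision::Accept,
        }
    }
}

pub fn pair(a: &str, b: &str) -> (String, String) { (a.to_string(), b.to_string()) }

// Constructed sample state: one verified device and one outstanding request.
pub fn sample_store() -> Store {
    let mut s = Store::default();
    s.verified.insert(pair("@alice:example.org", "LAPTOP"));
    s.requested.insert(pair("!room:example.org", "SESSION1"), pair("@alice:example.org", "LAPTOP"));
    s
}

fn main() {
    let store = sample_store();
    // Constructed event: a key for a requested session, from a device we never asked.
    let injected = ForwardedRoomKey { sender: pair("@mallory:example.org", "PHONE"), session: pair("!room:example.org", "SESSION1") };
    println!("unchecked: {:?}, checked: {:?}", store.accept_unchecked(&injected), store.accept_checked(&injected));
}
```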
Advisory available under CC0-1.0 license.