Matrix JavaScript SDK's key history sharing could share keys to malicious devices
- Severity: High
Description
In matrix-js-sdk versions 9.11.0 through 34.7.0, the method MatrixClient.sendSharedHistoryKeys is vulnerable to interception by malicious homeservers. The method implements functionality proposed in MSC3061 and can be used by clients to share historical message keys with newly invited users, granting them access to past messages in the room.
Recommendation
Update the matrix-js-sdk package to the latest compatible version. Version details:
- Affected version(s): >= 9.11.0, < 34.8.0
- Patched version(s): 34.8.0
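To check a project against the range above, the following added example (not code from the advisory or from the matrix-js-sdk project) lists every installed copy of matrix-js-sdk in a parsed package-lock.json and marks those inside ">= 9.11.0, < 34.8.0". The sample lockfile is constructed, and treating a 34.8.0 prerelease as still affected is an assumption based on semver ordering, since the page does not say which prereleases carry the fix.

```javascript
// Constructed sample lockfile; names other than matrix-js-sdk are hypothetical.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-client", version: "1.0.0" },
    "node_modules/matrix-js-sdk": { version: "34.8.0" },
    "node_modules/some-widget/node_modules/matrix-js-sdk": { version: "31.2.0" },
    "node_modules/sdk-next": { name: "matrix-js-sdk", version: "34.8.0-rc.1" },
  },
};

const PKG = "matrix-js-sdk";
const AFFECTED_FROM = [9, 11, 0]; // advisory: >= 9.11.0
const PATCHED = [34, 8, 0];       // advisory: < 34.8.0
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v));
  return m ? { nums: [+m[1], +m[2], +m[3]], pre: Boolean(m[4]) } : null;
}
function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Strict semver ordering: a prerelease sorts before its release, so
// 34.8.0-rc.1 falls inside "< 34.8.0" and 9.11.0-rc.1 outside ">= 9.11.0".
function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return null; // git, file or tarball specifier: review by hand
  const lo = cmp(v.nums, AFFECTED_FROM);
  const hi = cmp(v.nums, PATCHED);
  return (lo > 0 || (lo === 0 && !v.pre)) && (hi < 0 || (hi === 0 && v.pre));
}

// Covers lockfileVersion 2/3 "packages" (aliases via "name") and the v1 "dependencies" tree.
function findInstalls(lock) {
  const hits = [];
  const record = (path, version) => hits.push({ path, version, affected: isAffected(version) });
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = meta.name || path.split("node_modules/").pop();
    if (name === PKG) record(path, meta.version);
  }
  const walk = (deps, prefix) => Object.entries(deps || {}).forEach(([name, meta]) => {
    const path = `${prefix}node_modules/${name}`;
    if (name === PKG) record(path, meta.version);
    walk(meta.dependencies, `${path}/`);
  });
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}
```

For a real project, pass `findInstalls` the result of `JSON.parse` on the contents of package-lock.json; an `affected` value of `null` means the entry is not a plain version and needs manual review.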
References
Related Issues
- matrix-js-sdk subject to user impersonation due to key/device identifier confusion in SAS verification - CVE-2022-39250
- matrix-js-sdk subject to impersonated messages due to permissive key forwarding - CVE-2022-39249
- matrix-js-sdk will freeze when a user sets a room with itself as its predecessor - CVE-2024-42369
- matrix-js-sdk can be tricked into disclosing E2EE room keys to a participating homeserver - CVE-2021-40823
- Tags: npm, matrix-js-sdk
Last updated on October 15, 2024