Software Development Kit
CVE-2022-39246
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the key forwarding strategy implemented in the matrix-android-sdk2 that is too permissive. Starting with version 1.5.1, the default policy for accepting key forwards has been made more strict in the matrix-android-sdk2. The matrix-android-sdk2 will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a trusted flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with trusted = false are decorated appropriately (for example, by showing a warning for such messages). As a workaroubnd, current users of the SDK can disable key forwarding in their forks using CryptoService#enableKeyGossiping(enable: Boolean).
AnalysisAI
matrix-android-sdk2 is the Matrix SDK for Android. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.
Technical ContextAI
This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the key forwarding strategy implemented in the matrix-android-sdk2 that is too permissive. Starting with version 1.5.1, the default policy for accepting key forwards has been made more strict in the matrix-android-sdk2. The matrix-android-sdk2 will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a trusted flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with trusted = false are decorated appropriately (for example, by showing a warning for such messages). As a workaroubnd, current users of the SDK can disable key forwarding in their forks using CryptoService#enableKeyGossiping(enable: Boolean). Affected products include: Matrix Software Development Kit. Version information: version 1.5.1.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.
More in Software Development Kit
View allA Prototype Pollution issue in Aliconnect /sdk v.0.0.6 allows an attacker to execute arbitrary code via the aim function
In wlan service, there is a possible out of bounds write due to improper input validation. Rated critical severity (CVSS
In wlan service, there is a possible out of bounds write due to an incorrect bounds check. Rated critical severity (CVSS
In wlan AP FW, there is a possible out of bounds write due to improper input validation. Rated critical severity (CVSS 9
Remote privilege escalation in Android WLAN AP driver via packet injection.
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local es
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local es
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local es
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local es
In wlan firmware, there is a possible out of bounds write due to improper input validation. Rated critical severity (CVS
In wlan driver, there is a possible out of bounds write due to improper input validation. Rated critical severity (CVSS
In wlan driver, there is a possible out of bounds write due to improper input validation. Rated critical severity (CVSS
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today