Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A logic error in the room key sharing functionality of matrix-js-sdk (aka Matrix Javascript SDK) before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room. This allows the homeserver to decrypt end-to-end encrypted messages sent by affected clients.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Matrix 加密问题漏洞
Vulnerability Description
Matrix是一个雄心勃勃的新生态系统,用于开放联合即时消息和 VoIP。 Matrix Javascript SDK 12.4.1之前版本存在加密问题漏洞,该漏洞源于设备的房间钥匙共享功能存在逻辑错误,导致身份验证不充分,从而可以冒充请求钥匙的设备。
CVSS Information
N/A
Vulnerability Type
N/A