Description

matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the server. This was patched in matrix-react-sdk 3.105.0. Deployments that trust their homeservers, as well as closed federations of trusted servers, are not affected. Users are advised to upgrade. There are no known workarounds for this vulnerability.

INFO

Published Date :

2024-08-06T17:16:14.143Z

Last Modified :

2024-08-08T18:48:19.919Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-42347 vulnerability.

Vendors Products
Matrix
  • Matrix-react-sdk
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-42347.

URL Resource
https://github.com/matrix-org/matrix-react-sdk/releases/tag/v3.105.1 cve-icon cve-icon
https://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-f83w-wqhc-cfp4 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact