CVE-2021-40823

MEDIUM Year: 2021
CVSS v3 Score
5.9
Medium
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-290
View all →

Vulnerability Description

A logic error in the room key sharing functionality of matrix-js-sdk (aka Matrix Javascript SDK) before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room. This allows the homeserver to decrypt end-to-end encrypted messages sent by affected clients.

Related Vulnerabilities

CVE-2013-5661

MEDIUM
CVSS:5.9(Medium)

Cache Poisoning issue exists in DNS Response Rate Limiting.

CWE-2902013

CVE-2019-1318

MEDIUM
CVSS:5.9(Medium)

A spoofing vulnerability exists when Transport Layer Security (TLS) accesses non- Extended Master Secret (EMS) sessions, aka 'Microsoft Windows Transport Layer Security Spoofing Vulnerability'.

CWE-2902019

CVE-2021-21310

MEDIUM
CVSS:5.9(Medium)

NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. In next-auth before version 3.3.0 there is a token verification vulnerability. Implementations using the Pri...

CWE-2902021

CVE-2021-40824

MEDIUM
CVSS:5.9(Medium)

A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 (aka Matrix SDK for Android) before 1.2.2 allows a malicious Matrix homeserver present in an...

CWE-2902021

CVE-2022-38712

MEDIUM
CVSS:5.9(Medium)

"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. IBM X-Forc...

CWE-2902022