Search for vulnerabilities
Vulnerability details: VCID-urt4-v2ca-2beg
Vulnerability ID VCID-urt4-v2ca-2beg
Aliases CVE-2024-47080
GHSA-4jf8-g8wp-cx7c
Summary Matrix JavaScript SDK's key history sharing could share keys to malicious devices ### Impact In matrix-js-sdk versions 9.11.0 through 34.7.0, the method `MatrixClient.sendSharedHistoryKeys` is vulnerable to interception by malicious homeservers. The method implements functionality proposed in [MSC3061](https://github.com/matrix-org/matrix-spec-proposals/pull/3061) and can be used by clients to share historical message keys with newly invited users, granting them access to past messages in the room. However, it unconditionally sends these "shared" keys to all of the invited user's devices, regardless of whether the user's cryptographic identity is verified or whether the user's devices are signed by that identity. This allows the attacker to potentially inject its own devices to receive sensitive historical keys without proper security checks. Note that this only affects clients running the SDK with the legacy crypto stack. Clients using the new Rust cryptography stack (i.e. those that call `MatrixClient.initRustCrypto()` instead of `MatrixClient.initCrypto()`) are unaffected by this vulnerability, because `MatrixClient.sendSharedHistoryKeys()` raises an exception in such environments. ### Patches Fixed in matrix-js-sdk 34.8.0 by removing the vulnerable functionality. ### Workarounds Remove use of affected functionality from clients. ### References - [MSC3061](https://github.com/matrix-org/matrix-spec-proposals/pull/3061) ### For more information If you have any questions or comments about this advisory, please email us at [security at matrix.org](mailto:security@matrix.org).
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-287 Improper Authentication
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00248 https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss 0.00248 https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss 0.00269 https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss 0.00269 https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss 0.00269 https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss 0.00269 https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss 0.00269 https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss 0.00269 https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss 0.00269 https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss 0.00269 https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss 0.00269 https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss 0.00269 https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss 0.00316 https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss 0.00316 https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss 0.00316 https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss 0.00316 https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss 0.00316 https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss 0.00316 https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss 0.00316 https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss 0.00316 https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss 0.00316 https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss 0.00316 https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss 0.00316 https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss 0.00316 https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss 0.00316 https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss 0.00316 https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss 0.00316 https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss 0.00316 https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss 0.00316 https://api.first.org/data/v1/epss?cve=CVE-2024-47080
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-4jf8-g8wp-cx7c
generic_textual HIGH https://github.com/matrix-org/matrix-js-sdk
cvssv4 8.7 https://github.com/matrix-org/matrix-js-sdk/commit/2fb1e659c81f75253c047832dc9dcc2beddfac5f
generic_textual HIGH https://github.com/matrix-org/matrix-js-sdk/commit/2fb1e659c81f75253c047832dc9dcc2beddfac5f
ssvc Track https://github.com/matrix-org/matrix-js-sdk/commit/2fb1e659c81f75253c047832dc9dcc2beddfac5f
cvssv3.1_qr HIGH https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-4jf8-g8wp-cx7c
cvssv4 8.7 https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-4jf8-g8wp-cx7c
generic_textual HIGH https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-4jf8-g8wp-cx7c
ssvc Track https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-4jf8-g8wp-cx7c
cvssv4 8.7 https://github.com/matrix-org/matrix-spec-proposals/pull/3061
generic_textual HIGH https://github.com/matrix-org/matrix-spec-proposals/pull/3061
ssvc Track https://github.com/matrix-org/matrix-spec-proposals/pull/3061
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2024-47080
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-47080
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47080
https://github.com/matrix-org/matrix-js-sdk
https://github.com/matrix-org/matrix-js-sdk/commit/2fb1e659c81f75253c047832dc9dcc2beddfac5f
https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-4jf8-g8wp-cx7c
https://github.com/matrix-org/matrix-spec-proposals/pull/3061
https://nvd.nist.gov/vuln/detail/CVE-2024-47080
GHSA-4jf8-g8wp-cx7c https://github.com/advisories/GHSA-4jf8-g8wp-cx7c
No exploits are available.
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://github.com/matrix-org/matrix-js-sdk/commit/2fb1e659c81f75253c047832dc9dcc2beddfac5f
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:34:15Z/ Found at https://github.com/matrix-org/matrix-js-sdk/commit/2fb1e659c81f75253c047832dc9dcc2beddfac5f
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-4jf8-g8wp-cx7c
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:34:15Z/ Found at https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-4jf8-g8wp-cx7c
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://github.com/matrix-org/matrix-spec-proposals/pull/3061
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:34:15Z/ Found at https://github.com/matrix-org/matrix-spec-proposals/pull/3061
Exploit Prediction Scoring System (EPSS)
Percentile 0.48038
EPSS Score 0.00248
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:30:05.217455+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/10/GHSA-4jf8-g8wp-cx7c/GHSA-4jf8-g8wp-cx7c.json 37.0.0