VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-yt65-cbwm-qyg5

Essentials
Severities (94)
References (8)
Severity details (10)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-yt65-cbwm-qyg5
Aliases	CVE-2024-47080 GHSA-4jf8-g8wp-cx7c
Summary	matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. In matrix-js-sdk versions versions 9.11.0 through 34.7.0, the method `MatrixClient.sendSharedHistoryKeys` is vulnerable to interception by malicious homeservers. The method was introduced by MSC3061) and is commonly used to share historical message keys with newly invited users, granting them access to past messages in the room. However, it unconditionally sends these "shared" keys to all of the invited user's devices, regardless of whether the user's cryptographic identity is verified or whether the user's devices are signed by that identity. This allows the attacker to potentially inject its own devices to receive sensitive historical keys without proper security checks. Note that this only affects clients running the SDK with the legacy crypto stack. Clients using the new Rust cryptography stack (i.e. those that call `MatrixClient.initRustCrypto()` instead of `MatrixClient.initCrypto()`) are unaffected by this vulnerability, because `MatrixClient.sendSharedHistoryKeys()` raises an exception in such environments. The vulnerability was fixed in matrix-js-sdk 34.8.0 by removing the vulnerable functionality. As a workaround, remove use of affected functionality from clients.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-200	Exposure of Sensitive Information to an Unauthorized Actor
CWE-287	Improper Authentication
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00171	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00171	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00171	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00171	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00171	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00171	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00171	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00171	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00171	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00171	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00171	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00171	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00171	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00171	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00171	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00175	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00175	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00175	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00175	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00175	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00175	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00175	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00175	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00175	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00175	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00175	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00175	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00175	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00175	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00175	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00175	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00175	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00175	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00175	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00175	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00175	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00188	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00188	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00188	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00188	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00188	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00188	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00188	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00188	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00188	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00211	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00211	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00211	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00211	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00211	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00211	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00211	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00211	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00211	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00211	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00211	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00211	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00211	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00211	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00211	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00211	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00211	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00211	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00211	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00211	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00211	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.00211	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
epss	0.0043	https://api.first.org/data/v1/epss?cve=CVE-2024-47080
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-4jf8-g8wp-cx7c
cvssv3.1	4.1	https://github.com/matrix-org/matrix-js-sdk
generic_textual	HIGH	https://github.com/matrix-org/matrix-js-sdk
cvssv4	8.7	https://github.com/matrix-org/matrix-js-sdk/commit/2fb1e659c81f75253c047832dc9dcc2beddfac5f
ssvc	Track	https://github.com/matrix-org/matrix-js-sdk/commit/2fb1e659c81f75253c047832dc9dcc2beddfac5f
cvssv3.1_qr	HIGH	https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-4jf8-g8wp-cx7c
cvssv4	8.7	https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-4jf8-g8wp-cx7c
ssvc	Track	https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-4jf8-g8wp-cx7c
cvssv3.1	7.5	https://github.com/matrix-org/matrix-spec-proposals/pull/3061
generic_textual	HIGH	https://github.com/matrix-org/matrix-spec-proposals/pull/3061

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2024-47080
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47080
		https://github.com/matrix-org/matrix-js-sdk
		https://github.com/matrix-org/matrix-spec-proposals/pull/3061
2fb1e659c81f75253c047832dc9dcc2beddfac5f		https://github.com/matrix-org/matrix-js-sdk/commit/2fb1e659c81f75253c047832dc9dcc2beddfac5f
CVE-2024-47080		https://nvd.nist.gov/vuln/detail/CVE-2024-47080
GHSA-4jf8-g8wp-cx7c		https://github.com/advisories/GHSA-4jf8-g8wp-cx7c
GHSA-4jf8-g8wp-cx7c		https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-4jf8-g8wp-cx7c

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L Found at https://github.com/matrix-org/matrix-js-sdk

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://github.com/matrix-org/matrix-js-sdk/commit/2fb1e659c81f75253c047832dc9dcc2beddfac5f

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:34:15Z/ Found at https://github.com/matrix-org/matrix-js-sdk/commit/2fb1e659c81f75253c047832dc9dcc2beddfac5f

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Found at https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-4jf8-g8wp-cx7c

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:34:15Z/ Found at https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-4jf8-g8wp-cx7c

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/matrix-org/matrix-spec-proposals/pull/3061

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.16666
EPSS Score	0.00045
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
2024-10-16T03:51:30.437733+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2024/47xxx/CVE-2024-47080.json	34.0.2