deps: Update dependency matrix-js-sdk to v34 [SECURITY] #3185

renovate[bot] (Contributor) commented Sep 29, 2022

This PR contains the following updates:

Package: matrix-js-sdk
Change: ^19.5.0 -> ^34.0.0

GitHub Vulnerability Alerts

CVE-2022-39236

Impact

Improperly formed beacon events (from MSC3488) can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer.

Patches

This is patched in matrix-js-sdk v19.7.0

Workarounds

Redacting applicable events, waiting for the sync processor to store data, and restarting the client can often fix it. Alternatively, redacting the applicable events and clearing all storage will fix the further perceived issues.

Downgrading to an unaffected version, noting that such a version may be subject to other vulnerabilities, will additionally resolve the issue.

References

N/A - This was a logic error in the SDK.

For more information

If you have any questions or comments about this advisory please email us at security at matrix.org.

CVE-2022-39249

Impact

An attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others.

This attack is possible due to the matrix-js-sdk implementing a too permissive key forwarding strategy on the receiving end.

Key forwarding is a mechanism allowing clients to recover from “unable to decrypt” messages when they missed the initial key distribution, at the time the message was originally sent. Examples include accessing message history before they joined the room but also when some network/federation errors have occurred.

Patches

The default policy for accepting key forwards has been made more strict in the matrix-js-sdk. matrix-js-sdk will now only accept forwarded keys in response to previously issued requests and only from own, verified devices.

A unique exception to this rule is with the experimental MSC3061, that is forwarding room keys for past messages when invited in a room configured with the proper history visibility setting. Such key forwards are parked upon receipt and are only accepted if the SDK receives an invitation for that room from the inviter in a limited time window.

The SDK now sets a trusted flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with trusted = false are decorated appropriately (for example, by showing a warning for such messages).

Workarounds

As this attack requires coordination between a malicious homeserver and an attacker, if you trust your homeserver, no particular workaround is needed.

References

Blog post: https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients

For more information

If you have any questions or comments about this advisory, e-mail us at [email protected].

CVE-2022-39251

Impact

An attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield.

Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can allow, for example, injecting the key backup secret during a self-verification, making a targeted device start using a malicious key backup spoofed by the homeserver.

These attacks are possible due to a protocol confusion vulnerability that accepts to-device messages encrypted with Megolm instead of Olm.

Patches

matrix-js-sdk has been modified to only accept Olm-encrypted to-device messages.

Out of caution, several other checks have been audited or added:

  • Cleartext m.room_key, m.forwarded_room_key and m.secret.send to_device messages are discarded.
  • Secrets received from untrusted devices are discarded.
  • Key backups are only usable if they have a valid signature from a trusted device (no more local trust, or trust-on-decrypt).
  • The origin of a to-device message should only be determined by observing the Olm session which managed to decrypt the message, and not by using claimed sender_key, user_id, or any other fields controllable by the homeserver.

Workarounds

As this attack requires coordination between a malicious homeserver and an attacker, if you trust your homeserver, no particular workaround is needed. Note that the backup spoofing attack is a particularly sophisticated targeted attack.

We are not aware of this attack being used in the wild, though specifying a false-positive-free way of noticing malicious key backups is challenging.

Out of an abundance of caution, to avoid malicious backup attacks, you should not verify your new logins using emoji/QR verification methods until patched. Prefer verifying with your security passphrase instead.

References

Blog post: https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients

For more information

If you have any questions or comments about this advisory, e-mail us at [email protected].

CVE-2022-39250

Impact

An attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one of the users’ identities, leading to the other device trusting/verifying the user identity under the control of the homeserver instead of the intended one.

The vulnerability is a bug in the matrix-js-sdk, caused by checking and signing user identities and devices in two separate steps, and inadequately fixing the keys to be signed between those steps.

Even though the attack is partly made possible due to the design decision of treating cross-signing user identities as Matrix devices on the server side (with their device ID set to the public part of the user identity key), no other examined implementations were vulnerable.

Patches

The matrix-js-sdk has been modified to double check that the key signed is the one that was verified instead of just referencing the key by ID. An additional check has been added to report an error when one of the device IDs matches a cross-signing key.

Workarounds

As this attack requires coordination between a malicious homeserver and an attacker, if you trust your homeserver no particular workaround is needed.

As a potential way of detecting compromise, it’s possible to review your device list or the device list of other users for devices with IDs in the form of a base64 cross-signing key (5XaczGNlfz0bl8R1IX5qn+tBoue2tWJqLMh+SDUuvCk) instead of classical device ID (SEHACYDHMG).

References

Blog post: https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients

For more information

If you have any questions or comments about this advisory, e-mail us at [email protected]

CVE-2023-28427

Impact

In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype, disrupting matrix-js-sdk functionality, causing denial of service and potentially affecting program logic.

(This is part 2, where CVE-2022-36059 / GHSA-rfv9-x7hh-xc32 is part 1. Part 2 covers remaining vectors not covered by part 1, found in a codebase audit scheduled after part 1.)

Patches

The issue has been patched in matrix-js-sdk 24.0.0.

Workarounds

None.

References

  • Release blog post
  • The advisory GHSA-rfv9-x7hh-xc32 (CVE-2022-36059) refers to an initial set of vulnerable locations discovered and patched in matrix-js-sdk 19.4.0. We opted not to disclose that advisory while we performed an audit of the codebase and are now disclosing it jointly with this one.

For more information

If you have any questions or comments about this advisory please email us at security at matrix.org.

CVE-2023-29529

Impact

An attacker present in a room where an MSC3401 group call is taking place can eavesdrop on the video and audio of participants using matrix-js-sdk, without their knowledge. To affected matrix-js-sdk users, the attacker will not appear to be participating in the call.

This attack is possible because matrix-js-sdk's group call implementation accepts incoming direct calls from other users, even if they have not yet declared intent to participate in the group call, as a means of resolving a race condition in call setup. Affected versions do not restrict access to the user's outbound media in this case.

Legacy 1:1 calls are unaffected.

Workarounds

Users may hold group calls in private rooms where only the exact users who are expected to participate in the call are present.

CVE-2024-42369

Impact

A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This method is public but also called by the 'leaveRoomChain()' method, so leaving a room will also trigger the bug.

Even though the CVSS score would be 4.1 (AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L), we classify this as a High severity issue.

Patches

This was patched in matrix-js-sdk 34.3.1.

Workarounds

Sanity check rooms before passing them to the matrix-js-sdk or avoid calling either getRoomUpgradeHistory or leaveRoomChain.

References

N/A.

CVE-2024-47080

Impact

In matrix-js-sdk versions 9.11.0 through 34.7.0, the method MatrixClient.sendSharedHistoryKeys is vulnerable to interception by malicious homeservers. The method implements functionality proposed in MSC3061 and can be used by clients to share historical message keys with newly invited users, granting them access to past messages in the room.

However, it unconditionally sends these "shared" keys to all of the invited user's devices, regardless of whether the user's cryptographic identity is verified or whether the user's devices are signed by that identity. This allows the attacker to potentially inject its own devices to receive sensitive historical keys without proper security checks.

Note that this only affects clients running the SDK with the legacy crypto stack. Clients using the new Rust cryptography stack (i.e. those that call MatrixClient.initRustCrypto() instead of MatrixClient.initCrypto()) are unaffected by this vulnerability, because MatrixClient.sendSharedHistoryKeys() raises an exception in such environments.

Patches

Fixed in matrix-js-sdk 34.8.0 by removing the vulnerable functionality.

Workarounds

Remove use of affected functionality from clients.

References

For more information

If you have any questions or comments about this advisory, please email us at security at matrix.org.

CVE-2024-50336

Summary

matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the client's homeserver.

Details

The Matrix specification requires homeservers to validate the server-name and media-id components of MXC URIs with the intent of preventing path traversal. However, it does not mention that a similar check must also be performed on the client to prevent client-side path traversal. matrix-js-sdk fails to perform this validation.

Patches

Fixed in matrix-js-sdk 34.11.1.

Workarounds

None.

References


Release Notes

matrix-org/matrix-js-sdk (matrix-js-sdk)

v34.11.1

v34.10.0

🦖 Deprecations

  • Deprecate CreateSecretStorageOpts.keyBackupInfo used in CryptoApi.bootstrapSecretStorage. (#4474). Contributed by @florianduros.
  • Add CryptoApi.encryptToDeviceMessages() and deprecate Crypto.encryptAndSendToDevices() (#4380). Contributed by @hughns.
  • Remove abandoned MSC3886, MSC3903, MSC3906 experimental implementations (#4469). Contributed by @t3chguy.
  • Deprecate MatrixClient.getDehydratedDevice (#4467). Contributed by @florianduros.
  • Deprecate top level crypto events re-export (#4444). Contributed by @florianduros.

✨ Features

  • Add CryptoApi.encryptToDeviceMessages() and deprecate Crypto.encryptAndSendToDevices() (#4380). Contributed by @hughns.
  • Do not rotate MatrixRTC media encryption key when a new member joins a session (#4472). Contributed by @hughns.
  • Avoid <sender>|<session> notation in log messages (#4473). Contributed by @richvdh.
  • Refactor/simplify Promises in MatrixRTCSession (#4466). Contributed by @AndrewFerr.
  • Prepare delayed call leave events more reliably (#4447). Contributed by @AndrewFerr.

v34.9.0

v34.8.0

This release removes insecure functionality, resolving CVE-2024-47080 / GHSA-4jf8-g8wp-cx7c.

v34.7.0

🦖 Deprecations

  • RTCSession cleanup: deprecate getKeysForParticipant() and getEncryption(); add emitEncryptionKeys() (#4427). Contributed by @hughns.

✨ Features

  • Bump matrix-rust-sdk to 9.1.0 (#4435). Contributed by @richvdh.
  • Rotate Matrix RTC media encryption key when a new member joins a call for Post Compromise Security (#4422). Contributed by @hughns.
  • Update media event content types to include captions (#4403). Contributed by @tulir.
  • Update OIDC registration types to match latest MSC2966 state (#4432). Contributed by @t3chguy.
  • Add CryptoApi.pinCurrentUserIdentity and UserIdentity.needsUserApproval (#4415). Contributed by @richvdh.

v34.6.0

🦖 Deprecations

  • Element-R: Mark unsupported MatrixClient methods as deprecated (#4389). Contributed by @richvdh.

v34.5.0

🦖 Deprecations

  • Deprecate unused callback hooks CryptoCallbacks.onSecretRequested and CryptoCallbacks.getDehydrationKey (#4376). Contributed by @richvdh.

v34.4.0

🐛 Bug Fixes

  • Retry event decryption failures on first failure (#4346). Contributed by @hughns.
  • Ensure "type" = "module" ES declaration in pre-release.sh (#4350). Contributed by @BLCK-B.
  • Handle MatrixRTC encryption keys arriving out of order (#4345). Contributed by @hughns.
  • Resend MatrixRTC encryption keys if a membership has changed (#4343). Contributed by @hughns.

v34.3.1

v34.3.0

v34.2.0

🐛 Bug Fixes

  • Element-R: detect "withheld key" UTD errors, and mark them as such (#4302). Contributed by @richvdh.

v34.1.0

✨ Features

  • Add ability to choose how many timeline events to sync when peeking (#4300). Contributed by @jgarplind.
  • Remove redundant hack for using the old pickle key in rust crypto (#4282). Contributed by @richvdh.
  • Add fetching the well known in embedded mode. (#4259). Contributed by @toger5.

v34.0.0

v33.1.0

v33.0.0

v32.4.0

  • No changes

v32.3.0

v32.2.0

✨ Features

  • Use a different error code for UTDs when user was not in the room (#4172). Contributed by @uhoreg.
  • Modernize window.crypto access constants (#4169). Contributed by @turt2live.
  • Improve compliance with MSC3266 (#4155). Contributed by @AndrewFerr.
  • Add comment to make clear that RoomStateEvent.Events does not update related objects in the js-sdk (#4152). Contributed by @toger5.
  • Crypto: use a new error code for UTDs from device-relative historical events (#4139). Contributed by @richvdh.

🐛 Bug Fixes

  • Element-R: Fix rust migration when ssss secrets are stored not encrypted in cache (old legacy behavior) (#4168). Contributed by @BillCarsonFr.

v32.1.0

🐛 Bug Fixes

  • Validate backup private key before migrating it (#4114). Contributed by @BillCarsonFr.
  • ElementR| Retry query backup until it works during migration to avoid spurious corruption error popup (#4113). Contributed by @BillCarsonFr.

v32.0.0

🚨 BREAKING CHANGES

  • Remove various deprecated methods & re-exports (#4125). Contributed by @t3chguy.
  • Remove the logic that throws when the lazy loading options has changed. (#4124). Contributed by @langleyd.
  • Fix highlights from threads disappearing on new messages (#4106). Contributed by @dbkr.

🐛 Bug Fixes

  • Improve types for IPowerLevelsContent and hasSufficientPowerLevelFor (#4128). Contributed by @galash13.
  • Remove the logic that throws when the lazy loading options has changed. (#4124). Contributed by @langleyd.
  • Fix highlights from threads disappearing on new messages (#4106). Contributed by @dbkr.
  • Extend logic for local notification processing to threads (#4111). Contributed by @dbkr.
  • Fix public rooms post request search params and body (#4110). Contributed by @ajbura.
  • Fix bugs with the first reply to a thread (#4104). Contributed by @dbkr.

v31.6.1

🐛 Bug Fixes

  • Fix merging of default push rules (#4136).

v31.6.0

v31.5.0

v31.4.0

✨ Features

  • Validate account_management_uri and account_management_actions_supported from OIDC Issuer well-known (#4074). Contributed by @t3chguy.
  • Allow specifying OIDC url state parameter for passing data to callback (#4068). Contributed by @t3chguy.
  • Add getAuthIssuer method for MSC2965 (#4071). Contributed by @t3chguy.
  • Allow specifying more OIDC client metadata for dynamic registration (#4070). Contributed by @t3chguy.
  • Add unread marker event type (#4069). Contributed by @dbkr.
  • Add "AsJson" forms of the key import/export methods (#4057). Contributed by @andybalaam.

v31.3.0

v31.2.0

v31.1.0

v31.0.0

v30.3.0

v30.2.0

✨ Features

  • Only await key query after lazy members resolved (#3902). Contributed by [@

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR was generated by Mend Renovate.
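The predecessor-cycle hang described under CVE-2024-42369, and the "sanity check rooms" workaround, as an added example that is not matrix-js-sdk code: a cycle-safe walk over a constructed room model (room id, predecessor from m.room.create, successor from m.room.tombstone) that reports when it had to cut a cycle instead of recursing forever. Field names on the room objects are assumptions of this example.

```javascript
// Added example, not matrix-js-sdk code. Constructed room model: each
// entry maps a room id to its predecessor (m.room.create "predecessor")
// and successor (m.room.tombstone "replacement_room") room ids.
// Rooms A -> B -> C form a normal upgrade chain; X and Y are crafted so
// that their predecessors form a cycle (the CVE-2024-42369 shape).
const ROOMS = new Map([
  ["!A:example.org", { predecessor: null, successor: "!B:example.org" }],
  ["!B:example.org", { predecessor: "!A:example.org", successor: "!C:example.org" }],
  ["!C:example.org", { predecessor: "!B:example.org", successor: null }],
  ["!X:example.org", { predecessor: "!Y:example.org", successor: null }],
  ["!Y:example.org", { predecessor: "!X:example.org", successor: null }],
]);

// Follow one link direction from `start`, refusing to revisit any room
// id already in `seen`. Returns the rooms reached, in visiting order,
// and whether the walk stopped because it hit an already-seen room.
function walkChain(rooms, start, direction, seen) {
  const visited = [];
  let cur = rooms.get(start)?.[direction] ?? null;
  while (cur && rooms.has(cur) && !seen.has(cur)) {
    seen.add(cur);
    visited.push(cur);
    cur = rooms.get(cur)[direction] ?? null;
  }
  const cycleDetected = Boolean(cur && seen.has(cur));
  return { visited, cycleDetected };
}

// Cycle-safe equivalent of a "room upgrade history" lookup: the chain
// oldest-first, containing roomId, plus a flag a caller can log or
// alert on when the homeserver handed it a malformed room graph.
function getRoomUpgradeHistory(rooms, roomId) {
  const seen = new Set([roomId]);
  const before = walkChain(rooms, roomId, "predecessor", seen);
  const after = walkChain(rooms, roomId, "successor", seen);
  return {
    chain: [...before.visited.reverse(), roomId, ...after.visited],
    cycleDetected: before.cycleDetected || after.cycleDetected,
  };
}

// Sanity check usable before handing rooms to an SDK routine that
// assumes the predecessor graph is acyclic.
function hasUpgradeCycle(rooms, roomId) {
  return getRoomUpgradeHistory(rooms, roomId).cycleDetected;
}

console.log(getRoomUpgradeHistory(ROOMS, "!B:example.org"));
console.log(getRoomUpgradeHistory(ROOMS, "!X:example.org"));
```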
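The client-side MXC URI check that CVE-2024-50336 says was missing, as an added example that is not matrix-js-sdk code: the server-name and media-id components are validated before they are spliced into an authenticated media request path. The media-id character set [A-Za-z0-9_-] is the one the Matrix spec requires homeservers to enforce; the server-name grammar and the /_matrix/client/v1/media/download path are this example's assumptions, not taken from the SDK.

```javascript
// Added example, not matrix-js-sdk code: validate "mxc://<server-name>/<media-id>"
// on the client so that no component can escape the media download path.
const MEDIA_ID_RE = /^[A-Za-z0-9_-]+$/;           // spec-mandated media-id alphabet
const HOSTNAME_RE = /^[A-Za-z0-9]([A-Za-z0-9.-]{0,253}[A-Za-z0-9])?$/;
const IPV4_RE = /^\d{1,3}(\.\d{1,3}){3}$/;
const IPV6_LITERAL_RE = /^\[[0-9A-Fa-f:.]{2,45}\]$/;

// Conservative approximation of the Matrix server-name grammar (assumption):
// hostname, dotted IPv4 or bracketed IPv6 literal, optionally ":port".
function isValidServerName(serverName) {
  const m = /^(\[[^\]]*\]|[^:]+)(?::(\d{1,5}))?$/.exec(serverName);
  if (!m) return false;
  const [, host, port] = m;
  if (port !== undefined && (Number(port) < 1 || Number(port) > 65535)) return false;
  if (IPV6_LITERAL_RE.test(host) || IPV4_RE.test(host)) return true;
  return HOSTNAME_RE.test(host) && !host.includes("..");
}

// Returns { serverName, mediaId } or null. Anything with extra slashes,
// dots, percent-encoding, query strings or fragments in the media id
// is rejected rather than passed through to the homeserver.
function parseMxcUri(uri) {
  const m = /^mxc:\/\/([^/]+)\/([^/]+)$/.exec(uri);
  if (!m) return null;
  const [, serverName, mediaId] = m;
  if (!isValidServerName(serverName)) return null;
  if (!MEDIA_ID_RE.test(mediaId)) return null;
  return { serverName, mediaId };
}

// Builds the authenticated media download path only from validated parts;
// encodeURIComponent is defence in depth on top of the checks above.
function mediaDownloadPath(uri) {
  const parsed = parseMxcUri(uri);
  if (!parsed) return null;
  return "/_matrix/client/v1/media/download/" +
    encodeURIComponent(parsed.serverName) + "/" +
    encodeURIComponent(parsed.mediaId);
}

// Constructed inputs: one well-formed URI and a few malformed ones.
for (const uri of [
  "mxc://example.org/AbC123_-xyz",
  "mxc://example.org/../../not-media",
  "mxc://example.org/..%2F..%2Fnot-media",
  "mxc://example.org/abc?download=1",
]) {
  console.log(uri, "->", mediaDownloadPath(uri));
}
```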

@renovate renovate bot added the "dependencies" label (Pull requests that update a dependency file) on Sep 29, 2022
@renovate renovate bot changed the title from "deps: Update dependency matrix-js-sdk to v19.7.0 [SECURITY]" to "deps: Update dependency matrix-js-sdk to v24 [SECURITY]" on Mar 30, 2023
@renovate renovate bot force-pushed the renovate/npm-matrix-js-sdk-vulnerability branch from ab1c10c to 6475787 on March 30, 2023 20:47
@renovate renovate bot force-pushed the renovate/npm-matrix-js-sdk-vulnerability branch from 6475787 to 6790ae5 on August 21, 2024 23:38
@renovate renovate bot changed the title from "deps: Update dependency matrix-js-sdk to v24 [SECURITY]" to "deps: Update dependency matrix-js-sdk to v34 [SECURITY]" on Aug 21, 2024