CVE-2023-29529

Published: Apr 14, 2023

Modified: Feb 6, 2025

PUBLISHED

CVSS v3.1

5.0

MEDIUM

Description

matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. An attacker present in a room where an MSC3401 group call is taking place can eavesdrop on the video and audio of participants using matrix-js-sdk, without their knowledge. To affected matrix-js-sdk users, the attacker will not appear to be participating in the call. This attack is possible because matrix-js-sdk's group call implementation accepts incoming direct calls from other users, even if they have not yet declared intent to participate in the group call, as a means of resolving a race condition in call setup. Affected versions do not restrict access to the user's outbound media in this case. Legacy 1:1 calls are unaffected. This is fixed in matrix-js-sdk 24.1.0. As a workaround, users may hold group calls in private rooms where only the exact users who are expected to participate in the call are present.

Vendor	Product	Versions
matrix-org	matrix-js-sdk	affected `< 24.1.0`

Weaknesses (CWE)

CWE-862

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

None

Availability

None

References

https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-6g67-q39g-r79q

x_refsource_CONFIRM

https://github.com/matrix-org/matrix-spec-proposals/pull/3401

x_refsource_MISC

https://github.com/matrix-org/matrix-js-sdk/releases/tag/v24.1.0

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-29529

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References