matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content…
GitHub_M·CWE-345·Published 2021-03-02
matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a `blob` origin that cannot access Matrix user data, so messages and secrets are not at risk. This has been fixed in version 3.15.0.
matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a `blob` origin that cannot access Matrix user data, so messages and secrets are not at risk. This has been fixed in version 3.15.0.
### Impact The user content sandbox can be abused to trick users into opening unexpected documents after several user interactions. The content can be opened with a `blob` origin from the Matrix client, so it is possible for a malicious document to access user messages and secrets. ### Patches This has been fixed by https://github.com/matrix-org/matrix-react-sdk/pull/5657, which is included in 3.15.0. ### Workarounds There are no known workarounds.
### Impact The user content sandbox can be abused to trick users into opening unexpected documents after several user interactions. The content can be opened with a `blob` origin from the Matrix client, so it is possible for a malicious document to access user messages and secrets. ### Patches This has been fixed by https://github.com/matrix-org/matrix-react-sdk/pull/5657, which is included in 3.15.0. ### Workarounds There are no known workarounds.
matrix-react-sdk es un paquete npm que es un Matrix SDK para React Javascript. En matrix-react-sdk anterior a la versión 3.15.0, el sandbox del contenido del usuario puede ser abusado para engañar a los usuarios para que abran documentos inesperados. El contenido es abierto con un origen "blob" que no puede acceder a los datos del usuario de Matrix, por lo que los mensajes y secretos no están en riesgo. Esto ha sido corregido en la versión 3.15.0
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 4.3 | 8.6 | 2.9 | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| 3.1 | Primary | NVD | 4.3 | 2.8 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
| 3.1 | Primary | cve.org | 2.6 | — | — | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N |
| 3.1 | Primary | cve.org | 2.6 | — | — | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N |
| 3.1 | Secondary | GHSA | 2.6 | — | — | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N |
| 3.1 | Secondary | NVD | 2.6 | 1.2 | 1.4 | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N |