CVE-2021-40824 - OpenCVE

A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 (aka Matrix SDK for Android) before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room. This allows the attacker to decrypt end-to-end encrypted messages sent by affected clients.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Matrix	Element Matrix-android-sdk2

Configuration 1 [-]

OR	cpe:2.3:a:matrix:element::::::android::*
	cpe:2.3:a:matrix:matrix-android-sdk2::::::android::*

No data.

References

Link	Providers
https://github.com/matrix-org/matrix-android-sdk2/releases/tag/v1.2.2
https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-09-13T18:49:28

Updated: 2024-08-04T02:51:07.032Z

Reserved: 2021-09-09T00:00:00

Link: CVE-2021-40824

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-09-13T19:15:19.340

Modified: 2023-08-08T14:22:24.967

Link: CVE-2021-40824

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 (aka Matrix SDK for Android) before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room. This allows the attacker to decrypt end-to-end encrypted messages sent by affected clients."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-09-14T11:46:54", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/matrix-org/matrix-android-sdk2/releases/tag/v1.2.2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-40824", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 (aka Matrix SDK for Android) before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room. This allows the attacker to decrypt end-to-end encrypted messages sent by affected clients."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing", "refsource": "MISC", "url": "https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing"}, {"name": "https://github.com/matrix-org/matrix-android-sdk2/releases/tag/v1.2.2", "refsource": "MISC", "url": "https://github.com/matrix-org/matrix-android-sdk2/releases/tag/v1.2.2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T02:51:07.032Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/matrix-org/matrix-android-sdk2/releases/tag/v1.2.2"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-40824", "datePublished": "2021-09-13T18:49:28", "dateReserved": "2021-09-09T00:00:00", "dateUpdated": "2024-08-04T02:51:07.032Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:matrix:element:*:*:*:*:*:android:*:*", "matchCriteriaId": "D575EEBA-AD7C-404F-965B-16DE5BFAE908", "versionEndExcluding": "1.2.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:matrix:matrix-android-sdk2:*:*:*:*:*:android:*:*", "matchCriteriaId": "A35A1290-9B73-49EB-AB28-41D9AA9587F1", "versionEndExcluding": "1.2.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 (aka Matrix SDK for Android) before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room. This allows the attacker to decrypt end-to-end encrypted messages sent by affected clients."}, {"lang": "es", "value": "Un error l\u00f3gico en la funcionalidad de compartici\u00f3n de claves de sala de Element Android antes de la versi\u00f3n 1.2.2 y matrix-android-sdk2 (tambi\u00e9n conocido como Matrix SDK para Android) antes de la versi\u00f3n 1.2.2 permite a un servidor dom\u00e9stico de Matrix malicioso presente en una sala cifrada robar las claves de cifrado de la sala (a trav\u00e9s de mensajes de protocolo de Matrix falsificados) que fueron enviados originalmente por los clientes de Matrix afectados que participan en esa sala. Esto permite al atacante descifrar los mensajes cifrados de extremo a extremo enviados por los clientes afectados"}], "id": "CVE-2021-40824", "lastModified": "2023-08-08T14:22:24.967", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-09-13T19:15:19.340", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/matrix-org/matrix-android-sdk2/releases/tag/v1.2.2"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-290"}], "source": "nvd@nist.gov", "type": "Primary"}]}