CVE-2021-32622

Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip client into a web page. Before version 3.21.0, when uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file. This can only occur after several user interactions to open the preview in a separate tab. This only impacts the local user while in the process of uploading. It cannot be exploited remotely or by other users. This vulnerability is patched in version 3.21.0.

CVSS v3 7.8 HIGH
CVSS v2.0 4.4 MEDIUM

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 3.4 / Impact : 6.4

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/matrix-org/matrix-react-sdk/pull/5981	Patch Third Party Advisory
https://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-8796-gc9j-63rv	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:matrix-react-sdk_project:matrix-react-sdk:*:*:*:*:*:node.js:*:*

History

No history.

Information

Published : 2021-05-17 20:15

Updated : 2021-05-25 18:37

NVD link : CVE-2021-32622

Mitre link : CVE-2021-32622

CVE.ORG link : CVE-2021-32622

JSON object : View

Products Affected

matrix-react-sdk_project

matrix-react-sdk

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

{"id": "CVE-2021-32622", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.4, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 0.8}]}, "published": "2021-05-17T20:15:07.527", "references": [{"url": "https://github.com/matrix-org/matrix-react-sdk/pull/5981", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-8796-gc9j-63rv", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-74"}]}], "descriptions": [{"lang": "en", "value": "Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip client into a web page. Before version 3.21.0, when uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file. This can only occur after several user interactions to open the preview in a separate tab. This only impacts the local user while in the process of uploading. It cannot be exploited remotely or by other users. This vulnerability is patched in version 3.21.0."}, {"lang": "es", "value": "Matrix-React-SDK es un SDK basado en react para insertar un cliente de chat/voip de Matrix en una p\u00e1gina web. Anterior a versi\u00f3n 3.21.0, al cargar un archivo, la vista previa del archivo local puede conllevar a una ejecuci\u00f3n de scripts insertados en el archivo cargado. Esto solo puede ocurrir despu\u00e9s de varias interacciones del usuario para abrir la vista previa en una pesta\u00f1a separada. Esto solo afecta al usuario local durante el proceso de carga. No puede ser explotado remotamente o por otros usuarios. Esta vulnerabilidad est\u00e1 parcheada en la versi\u00f3n 3.21.0"}], "lastModified": "2021-05-25T18:37:24.363", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:matrix-react-sdk_project:matrix-react-sdk:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "05BC4649-5918-4D26-B2B4-579FBAB9AE14", "versionEndExcluding": "3.21.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}