From e7ce6ba0ef2a3d620b9dc774ddbd391a6e1252cd Mon Sep 17 00:00:00 2001
From: Davide Girardi <16451191+davidegirardi@users.noreply.github.com>
Date: Fri, 30 Aug 2024 14:17:52 +0200
Subject: [PATCH 1/6] Add entries to Security Hall of Fame
---
 content/security-hall-of-fame/findings.toml | 27 +++++++++++++++++++++
 1 file changed, 27 insertions(+)
diff --git a/content/security-hall-of-fame/findings.toml b/content/security-hall-of-fame/findings.toml
index 5cc69af85..f78d7692c 100644
--- a/content/security-hall-of-fame/findings.toml
+++ b/content/security-hall-of-fame/findings.toml
@@ -1,3 +1,30 @@
+[[findings]]
+date = "2024-05-26"
+reporter.name = "Charlotte"
+reporter.link = "https://github.com/DarkKirb"
+summary = """
+Found room preview settings were controllable by the homeserver.
+"""
+project = "Matrix JS SDK"
+
+[[findings]]
+date = "2024-05-26"
+reporter.name = "morguldir"
+reporter.link = "https://github.com/morguldir/"
+summary = """
+Discovered a way to freeze clients using the Matrix JS SDK by crafting a room with itself as its predecessor (CVE-2024-42369 / GHSA-vhr5-g3pm-49fm).
+"""
+project = "Matrix JS SDK"
+
+[[findings]]
+date = "2024-04-25"
+reporter.name = "Johannes Marbach"
+reporter.link = "https://github.com/Johennes"
+summary = """
+Identified a method to supply arbitrary parameter to sonar-scanner.
+"""
+project = "matrix-org/sonarcloud-workflow-action"
+
 [[findings]]
 date = "2023-07-31"
 reporter.name = "Martin Schobert, Pentagrid AG"
From 8c65b471abfada48dc651bff279cac06174bc703 Mon Sep 17 00:00:00 2001
From: Davide Girardi <16451191+davidegirardi@users.noreply.github.com>
Date: Fri, 30 Aug 2024 14:25:14 +0200
Subject: [PATCH 2/6] Add GHSA-3h7q-rfh9-xm4v
---
 content/security-hall-of-fame/findings.toml | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/content/security-hall-of-fame/findings.toml b/content/security-hall-of-fame/findings.toml
index f78d7692c..ebf176a3d 100644
--- a/content/security-hall-of-fame/findings.toml
+++ b/content/security-hall-of-fame/findings.toml
@@ -25,6 +25,15 @@ Identified a method to supply arbitrary parameter to sonar-scanner.
 """
 project = "matrix-org/sonarcloud-workflow-action"
 
+[[findings]]
+date = "2023-06-20"
+reporter.name = "Alexey Shchepin"
+reporter.link = "https://github.com/alexeyshch"
+summary = """
+Discovered that weakness in auth chain indexing allowed DoS from remote room members through disk fill and high CPU usage ([GHSA-3h7q-rfh9-xm4v](https://github.com/element-hq/synapse/security/advisories/GHSA-3h7q-rfh9-xm4v)).
+"""
+project = "Synapse"
+
 [[findings]]
 date = "2023-07-31"
 reporter.name = "Martin Schobert, Pentagrid AG"
From d52ab65730d007a6de022fd435eb14623bdb406b Mon Sep 17 00:00:00 2001
From: Davide Girardi <16451191+davidegirardi@users.noreply.github.com>
Date: Fri, 30 Aug 2024 14:34:21 +0200
Subject: [PATCH 3/6] Fix project name
---
 content/security-hall-of-fame/findings.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/content/security-hall-of-fame/findings.toml b/content/security-hall-of-fame/findings.toml
index ebf176a3d..228d1deb6 100644
--- a/content/security-hall-of-fame/findings.toml
+++ b/content/security-hall-of-fame/findings.toml
@@ -5,7 +5,7 @@ reporter.link = "https://github.com/DarkKirb"
 summary = """
 Found room preview settings were controllable by the homeserver.
 """
-project = "Matrix JS SDK"
+project = "Matrix React SDK"
 
 [[findings]]
 date = "2024-05-26"
From c3146ef3978f01e2d562d770e7010928280ee47f Mon Sep 17 00:00:00 2001
From: davidegirardi <16451191+davidegirardi@users.noreply.github.com>
Date: Fri, 30 Aug 2024 14:35:58 +0200
Subject: [PATCH 4/6] Update content/security-hall-of-fame/findings.toml
Co-authored-by: Denis Kasak
---
 content/security-hall-of-fame/findings.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/content/security-hall-of-fame/findings.toml b/content/security-hall-of-fame/findings.toml
index 228d1deb6..0c036ee39 100644
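Review bot: The entry added in the `@@ -25,6 +25,15 @@` hunk is dated `2023-06-20` but is inserted above the existing `2023-07-31` entry, which breaks the newest-first order that the other entries visible on this page follow (2024-05-26, 2024-05-26, 2024-04-25, then 2023-07-31). If the Hall of Fame page renders findings in file order rather than sorting on `date`, this credit will show up out of sequence. Either move the block further down, below the `2023-07-31` entry, or confirm that `2023-06-20` is the intended date. The neighbouring entries continue outside the hunk, so the exact target position cannot be judged from here.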
--- a/content/security-hall-of-fame/findings.toml
+++ b/content/security-hall-of-fame/findings.toml
@@ -10,7 +10,7 @@ project = "Matrix React SDK"
 [[findings]]
 date = "2024-05-26"
 reporter.name = "morguldir"
-reporter.link = "https://github.com/morguldir/"
+reporter.link = "https://github.com/morguldir"
 summary = """
 Discovered a way to freeze clients using the Matrix JS SDK by crafting a room with itself as its predecessor (CVE-2024-42369 / GHSA-vhr5-g3pm-49fm).
 """
From c843f04a8261b9c79ab88ea12aabdba164ef89e1 Mon Sep 17 00:00:00 2001
From: davidegirardi <16451191+davidegirardi@users.noreply.github.com>
Date: Fri, 30 Aug 2024 14:36:03 +0200
Subject: [PATCH 5/6] Update content/security-hall-of-fame/findings.toml
Co-authored-by: Denis Kasak
---
 content/security-hall-of-fame/findings.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/content/security-hall-of-fame/findings.toml b/content/security-hall-of-fame/findings.toml
index 0c036ee39..bb4eba3f0 100644
--- a/content/security-hall-of-fame/findings.toml
+++ b/content/security-hall-of-fame/findings.toml
@@ -3,7 +3,7 @@ date = "2024-05-26"
 reporter.name = "Charlotte"
 reporter.link = "https://github.com/DarkKirb"
 summary = """
-Found room preview settings were controllable by the homeserver.
+Found room URL preview settings were controllable by the homeserver.
 """
 project = "Matrix React SDK"
 
From 15e8fd608a7b2b947a6b6f3dd4ab8da58e2b1d58 Mon Sep 17 00:00:00 2001
From: Denis Kasak
Date: Fri, 13 Sep 2024 10:40:51 +0200
Subject: [PATCH 6/6] Add missing CVE IDs
---
 content/security-hall-of-fame/findings.toml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/content/security-hall-of-fame/findings.toml b/content/security-hall-of-fame/findings.toml
index bb4eba3f0..63aeaf9a7 100644
--- a/content/security-hall-of-fame/findings.toml
+++ b/content/security-hall-of-fame/findings.toml
@@ -12,7 +12,7 @@ date = "2024-05-26"
 reporter.name = "morguldir"
 reporter.link = "https://github.com/morguldir"
 summary = """
-Discovered a way to freeze clients using the Matrix JS SDK by crafting a room with itself as its predecessor (CVE-2024-42369 / GHSA-vhr5-g3pm-49fm).
+Discovered a way to freeze clients using the Matrix JS SDK by crafting a room with itself as its predecessor ([CVE-2024-42369](https://www.cve.org/CVERecord?id=CVE-2024-42369) / [GHSA-vhr5-g3pm-49fm](https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-vhr5-g3pm-49fm)).
 """
 project = "Matrix JS SDK"
 
@@ -30,7 +30,7 @@ date = "2023-06-20"
 reporter.name = "Alexey Shchepin"
 reporter.link = "https://github.com/alexeyshch"
 summary = """
-Discovered that weakness in auth chain indexing allowed DoS from remote room members through disk fill and high CPU usage ([GHSA-3h7q-rfh9-xm4v](https://github.com/element-hq/synapse/security/advisories/GHSA-3h7q-rfh9-xm4v)).
+Discovered that weakness in auth chain indexing allowed DoS from remote room members through disk fill and high CPU usage ([CVE-2024-31208](https://www.cve.org/CVERecord?id=CVE-2024-31208) / [GHSA-3h7q-rfh9-xm4v](https://github.com/element-hq/synapse/security/advisories/GHSA-3h7q-rfh9-xm4v)).
 """
 project = "Synapse"
 
@@ -68,7 +68,7 @@ project = "Synapse"
 [[findings]]
 date = "2023-04-25"
 reporter.name = "S1m"
-reporter.link = "https://github.com/p1gp1g/"
+reporter.link = "https://github.com/p1gp1g"
 summary = """
 Discovered an XSS vector for [CVE-2023-30609](https://nvd.nist.gov/vuln/detail/CVE-2023-30609)/
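Review bot: The CVE links added in the `@@ -12,7 +12,7 @@` and `@@ -30,7 +30,7 @@` hunks point at `https://www.cve.org/CVERecord?id=…`, while the existing S1m entry shown as context in the third hunk links CVE-2023-30609 through `https://nvd.nist.gov/vuln/detail/…`. Settling on one CVE link host for the whole file would keep the rendered page uniform and make the links easier to check mechanically. Separately, the Synapse entry now pairs a 2024 CVE ID with `date = "2023-06-20"`. That is plausible if `date` is the report date, but the file does not say so on this page; a header comment such as `# date: day the report was received, not the advisory publication date` (adjusted to whatever is actually meant) would remove the ambiguity. The third hunk runs past the end of the visible text and is not reviewed here.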