matrix-sdk-ui: Incomplete edit validation
Impact
The message edit validation logic in thematrix-sdk-ui crate before 0.16.1 is missing a check: when replacing an encrypted event, the replacement event itself is not required to be encrypted. This enables a malicious homeserver administrator (or an actor with equivalent power) to impersonate or spoof messages as if they were sent by a victim user.Patches
matrix-sdk-ui 0.16.1 fixes the message edit validation logic to align with the algorithm for replacement events[^1] described in the Matrix specification.Workarounds
N/AReferences
* Pull request: https://github.com/matrix-org/matrix-rust-sdk/pull/6454For more information
If you have any questions or comments about this advisory, please email us at security at matrix.org.[^1]: https://spec.matrix.org/unstable/client-server-api/#validity-of-replacement-events