backups/grapevine
1
0
Fork 0
mirror of https://gitlab.computer.surgery/matrix/grapevine.git synced 2026-02-04 07:41:23 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

validate membership events returned by remote servers

Browse source 
This fixes a vulnerability where an attacker with a a malicious remote
server and a user on the local server can trick the local server into
signing arbitrary events. The attacker issue a remote leave as the local
user to a room on the malicious server. Without any validation of the
make_leave response, the local server would sign the attacker-controlled
event and pass it back to the malicious server with send_leave.

The join endpoints is also fixed in this commit, but is less useful for
exploitation because the local server replaces the "content" field
returned by the remote server. Remote invites are unaffected because we
already check that the event returned from /invite has the same event ID
as the event passed to it.
This commit is contained in:
Olivia Lee 2025-12-30 02:49:38 -08:00
parent 9a50c2448a
commit e6f6fb0861
No known key found for this signature in database
GPG key ID: 54D568A15B9CD1F9
2 changed files with 103 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
book/changelog.md
View file

@ -59,6 +59,10 @@ This will be the first release of Grapevine since it was forked from Conduit
8. Fix vulnerability that allows a malicious server to trick a grapevine server
into signing arbitrary forged events via the send_invite endpoint.
([!205](https://gitlab.computer.surgery/matrix/grapevine/-/merge_requests/205))
9. Fix vulnerability that allows a malicious user on a grapevine server to use a
malicious remote server to trick the local server into signing arbitrary
events via remote leave.
([!206](https://gitlab.computer.surgery/matrix/grapevine/-/merge_requests/206))
### Removed