mirror of
https://gitlab.computer.surgery/matrix/grapevine.git
synced 2026-02-04 07:41:23 +01:00
This fixes a vulnerability where an attacker with a malicious remote server and a user on the local server can trick the local server into signing arbitrary events. The attacker issues a remote leave as the local user to a room on the malicious server. Without any validation of the make_leave response, the local server would sign the attacker-controlled event and pass it back to the malicious server with send_leave. The join endpoint is also fixed in this commit, but is less useful for exploitation because the local server replaces the "content" field returned by the remote server. Remote invites are unaffected because we already check that the event returned from /invite has the same event ID as the event passed to it.
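The validation the commit message says was missing, as an added Python example (grapevine itself is written in Rust, and this is not the project's fix): before the local server adds its signature, every field of the template returned by the remote `GET /make_leave` is pinned to the values of the local server's own request, so a remote server cannot substitute a different room, sender, event type or membership. The response shape (`room_version` plus an `event` template) follows the Matrix federation make_leave API; the server names, room ID, user IDs, the two sample responses and the `rejects` helper are constructed for this example.

```python
"""Check a /make_leave response before the local server signs the template.

Illustrative example, not grapevine code. Field names follow the Matrix
federation make_leave API; all sample data below is constructed.
"""
import json

REQUIRED_TYPE = "m.room.member"


class MakeLeaveValidationError(ValueError):
    """The remote template is not the leave event we asked for."""


def validate_make_leave_template(response: dict, room_id: str, user_id: str,
                                 local_server_name: str) -> dict:
    """Return the event template only if it matches the requested leave.

    The local server is about to sign whatever it returns, so nothing in the
    remote response is trusted: each field is compared against the request.
    """
    # We only ever sign on behalf of our own users.
    if not user_id.endswith(":" + local_server_name):
        raise MakeLeaveValidationError("user is not local to " + local_server_name)

    event = response.get("event")
    if not isinstance(event, dict):
        raise MakeLeaveValidationError("response carries no event template")

    # Pin the identity-bearing fields to the values of our own request.
    expected = {
        "type": REQUIRED_TYPE,
        "room_id": room_id,
        "sender": user_id,
        "state_key": user_id,  # a membership event's state_key is its subject
    }
    for key, value in expected.items():
        if event.get(key) != value:
            raise MakeLeaveValidationError(
                f"{key}: expected {value!r}, got {event.get(key)!r}")

    # The content decides what the signature vouches for; it must be a leave.
    content = event.get("content")
    if not isinstance(content, dict) or content.get("membership") != "leave":
        raise MakeLeaveValidationError("content.membership must be 'leave'")

    return event


def rejects(response: dict, room_id: str, user_id: str, local_server_name: str) -> bool:
    """True if the validator refuses the template (helper for callers/tests)."""
    try:
        validate_make_leave_template(response, room_id, user_id, local_server_name)
    except MakeLeaveValidationError:
        return True
    return False


# Constructed: what an honest remote server returns for alice leaving !abc.
HONEST_RESPONSE = {
    "room_version": "10",
    "event": {
        "type": "m.room.member",
        "room_id": "!abc:remote.example",
        "sender": "@alice:local.example",
        "state_key": "@alice:local.example",
        "content": {"membership": "leave"},
    },
}

# Constructed: a tampered template that keeps alice as sender but changes the
# room and the membership that the local server's signature would vouch for.
TAMPERED_RESPONSE = json.loads(json.dumps(HONEST_RESPONSE))
TAMPERED_RESPONSE["event"]["room_id"] = "!other:remote.example"
TAMPERED_RESPONSE["event"]["content"] = {"membership": "join"}

if __name__ == "__main__":
    args = ("!abc:remote.example", "@alice:local.example", "local.example")
    print("honest template accepted:", not rejects(HONEST_RESPONSE, *args))
    print("tampered template rejected:", rejects(TAMPERED_RESPONSE, *args))
```

The same comparison applies to the make_join template; the commit message notes that join was less exploitable only because the local server already overwrote `content`, which is exactly the field a remote server would most want to control.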