FKIE_CVE-2024-36402

Vulnerability from fkie_nvd - Published: 2025-01-16 20:15 - Updated: 2025-08-20 15:34
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the local homeserver in an unauthenticated way. The implication is that unauthenticated remote adversaries can use this functionality to plant problematic content into the media repository. MMR 1.3.5 introduces a partial mitigation in the form of new endpoints which require authentication for media downloads. The unauthenticated endpoints will be frozen in a future release, closing the attack vector. Though extremely limited, server operators can use more strict rate limits based on IP address as a partial workaround.
References
security-advisories@github.comhttps://github.com/matrix-org/matrix-spec-proposals/pull/3916Issue Tracking
security-advisories@github.comhttps://github.com/t2bot/matrix-media-repo/security/advisories/GHSA-8vmr-h7h5-cqhgVendor Advisory
Impacted products
Vendor Product Version
t2bot matrix-media-repo *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:t2bot:matrix-media-repo:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B2BD7DE-DC40-4CC9-89A7-40F3AEDBE012",
              "versionEndExcluding": "1.3.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the local homeserver in an unauthenticated way. The implication is that unauthenticated remote adversaries can use this functionality to plant problematic content into the media repository. MMR 1.3.5 introduces a partial mitigation in the form of new endpoints which require authentication for media downloads. The unauthenticated endpoints will be frozen in a future release, closing the attack vector. Though extremely limited, server operators can use more strict rate limits based on IP address as a partial workaround."
    },
    {
      "lang": "es",
      "value": " Matrix Media Repo (MMR) es un repositorio multimedia para m\u00faltiples servidores dom\u00e9sticos altamente configurable para Matrix. La versi\u00f3n 1.3.5 de MMR permite, por dise\u00f1o, que los participantes remotos no autenticados activen una descarga y almacenamiento en cach\u00e9 de contenido multimedia remoto desde un servidor dom\u00e9stico remoto al repositorio multimedia local. Dicho contenido tambi\u00e9n se vuelve disponible para su descarga desde el servidor dom\u00e9stico local de manera no autenticada. La implicaci\u00f3n es que los adversarios remotos no autenticados pueden usar esta funcionalidad para introducir contenido problem\u00e1tico en el repositorio multimedia. MMR 1.3.5 introduce una mitigaci\u00f3n parcial en forma de nuevos endpoints que requieren autenticaci\u00f3n para las descargas multimedia. Los endpoints no autenticados se congelar\u00e1n en una versi\u00f3n futura, lo que cerrar\u00e1 el vector de ataque. Aunque son extremadamente limitados, los operadores de servidores pueden usar l\u00edmites de velocidad m\u00e1s estrictos basados en la direcci\u00f3n IP como workaround parcial."
    }
  ],
  "id": "CVE-2024-36402",
  "lastModified": "2025-08-20T15:34:56.320",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-01-16T20:15:32.047",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://github.com/matrix-org/matrix-spec-proposals/pull/3916"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/t2bot/matrix-media-repo/security/advisories/GHSA-8vmr-h7h5-cqhg"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.