CVE-2023-41318 MEDIUM

CVE-2023-41318: Unsafe media served inline on download endpoints in matrix-media-repo

Vendor Turt2Live

Product matrix-media-repo

Weakness CWE-79 · XSS

Published September 8, 2023

Last update September 26, 2024

View on NVD All CVEs

CVSS base score

4.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N

What the vulnerability does

01Description

matrix-media-repo is a highly customizable multi-domain media repository for the Matrix chat ecosystem. In affected versions an attacker could upload a malicious piece of media to the media repo, which would then be served with `Content-Disposition: inline` upon download. This vulnerability could be leveraged to execute scripts embedded in SVG content. Commits `77ec235` and `bf8abdd` fix the issue and are included in the 1.3.0 release. Operators should upgrade to v1.3.0 as soon as possible. Operators unable to upgrade should override the `Content-Disposition` header returned by matrix-media-repo as a workaround.

Key dates

02Disclosure timeline

September 8, 2023 CVE published

September 26, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-41318 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

CVE-2023-41318: Unsafe media served inline on download endpoints in matrix-media-repo

01Description

02Disclosure timeline

03References

04Related CVE