CVE-2021-39164— Improper authorisation of /members discloses room membership to non-members

Improper authorisation of /members discloses room membership to non-members

Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership (list of members, with their display names) of a room if they know the ID of the room. The vulnerability is limited to rooms with `shared` history visibility. Furthermore, the unauthorised user must be using an account on a vulnerable homeserver that is in the room. Server administrators should upgrade to 1.41.1 or later in order to receive the patch. One workaround is available. Administrators of servers that use a reverse proxy could, with potentially unacceptable loss of functionality, block the endpoints: `/_matrix/client/r0/rooms/{room_id}/members` with `at` query parameter, and `/_matrix/client/unstable/rooms/{room_id}/members` with `at` query parameter.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

信息暴露

Matrix 信息泄露漏洞

Matrix是一个雄心勃勃的新生态系统，用于开放联合即时消息和 VoIP。 Matrix 存在信息泄露漏洞，该漏洞源于产品未对访问用户权限做有效验证。攻击者可通过别的房间的ID来访问成员的敏感信息。以下产品及版本受到影响：1.41.0 及之前版本。

N/A

N/A