CVE-2021-40823, CVE-2021-40824: are mautrix-based apps vulnerable?
foresto opened this issue · 1 comments
foresto commented
https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing
Can someone address these vulnerabilities, and whether mautrix and apps like gomuks are affected by either or both of them?
tulir commented
No, the default implementation of AllowKeyShare only allows sharing to your own verified devices