CVE-2024-47080: 
JavaScript vulnerability analysis and mitigation

The vulnerability (CVE-2024-47080) affects matrix-js-sdk versions 9.11.0 through 34.7.0. The vulnerability exists in the MatrixClient.sendSharedHistoryKeys method, which is used to share historical message keys with newly invited users in Matrix messaging protocol. This functionality was introduced as part of MSC3061 specification to grant access to past messages in encrypted rooms (GitHub Advisory).

The vulnerability stems from the MatrixClient.sendSharedHistoryKeys method unconditionally sending shared keys to all of the invited user's devices, without verifying the user's cryptographic identity or checking whether the user's devices are properly signed by that identity. This implementation flaw only affects clients using the legacy crypto stack. Clients using the new Rust cryptography stack (those calling MatrixClient.initRustCrypto() instead of MatrixClient.initCrypto()) are not affected as the vulnerable method raises an exception in such environments (GitHub Advisory, Security Online).

The vulnerability allows potential attackers to intercept sensitive historical encryption keys by injecting their own devices without proper security verification. This could lead to unauthorized access to encrypted message history in affected rooms (GitHub Advisory).

The vulnerability has been fixed in matrix-js-sdk version 34.8.0 by removing the vulnerable functionality entirely. As a workaround for affected versions, users should remove the use of affected functionality from their clients. Organizations using the SDK are strongly urged to update to version 34.8.0 or later (GitHub Advisory).

Following the disclosure, the Matrix.org Security Team has announced plans to revise the MSC3061 specification to explicitly clarify that key forwarding should only forward keys to verified devices owned by verified users, ensuring that historical keys are never shared with untrusted devices (Security Online).