Vulnerabilities could allow hackers to disrupt sensitive conversations
The vulnerabilities are rated as “high” rather than “critical,” according to the foundation, as they “do not result in data compromise or exposure.” Matrix notes that it is not aware of the issues being exploited.
If not addressed immediately, Avakian explained that the two serious flaws could allow hackers to disrupt conversations and trusted communications. One could let a bad actor take over “creator” powers for a chat room, allowing them to make changes, redirect people to a different room, or shut the room down altogether. The other could let someone predict a room’s address before the creator initiates it, which could cause confusion or allow threat actors to set up a fake version of a room.
This could allow them to “potentially spread misinformation, trick people into sharing information, or simply shut down communication channels critical to business or during a crisis or sensitive project,” he said.
