matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applications relying on the SDK to overlook such changes. matrix-sdk-crypto 0.8.0 adds a new VerificationLevel::VerificationViolation enum variant which indicates that a previously verified identity has been changed.
CVE ID: CVE-2024-52813
CVSS Base Severity: MEDIUM
CVSS Base Score: 4.3
Vendor: matrix-org
Product: matrix-rust-sdk
EPSS Score: 0.04% (probability of being exploited)
EPSS Percentile: 11.49% (scored less or equal to compared to others)
EPSS Date: 2025-02-05 (when was this score calculated)