CVE-2024-52813

Name of the Vulnerable Software and Affected Versions matrix-sdk-crypto versions prior to 0.8.0

Description The issue concerns a lack of a dedicated mechanism to notify when a user's cryptographic identity changes from verified to unverified, potentially causing client applications to overlook such changes. This could lead to security issues if not properly addressed. The VerificationLevel::VerificationViolation enum variant, introduced in version 0.8.0, indicates that a previously verified identity has been changed.

Recommendations For versions prior to 0.8.0, update to version 0.8.0 or later to include the new VerificationLevel::VerificationViolation enum variant, which provides the necessary notification mechanism for changes in a user's cryptographic identity.