Matrix Media Repo Unauthenticated Content Injection Vulnerability

Vulnerability

A vulnerability in Matrix Media Repo (MMR) versions prior to 1.3.5 allows unauthenticated remote participants to download and cache media from a remote homeserver to the local media repository. This content can then be accessed from the local homeserver without authentication. As a result, unauthenticated remote adversaries can exploit this feature to introduce undesirable content into the media repository.

Impact

Exploitation of this vulnerability allows for the injection of problematic content into the media repository, which can be accessed unauthenticated from the local homeserver.

Remediation

Users can update to Matrix Media Repo version 1.3.5 or later, which introduces authenticated endpoints for media downloads. The unauthenticated endpoints will be deprecated in a future release. Server operators can also implement stricter rate limits based on IP address as a temporary workaround.
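The IP-based rate-limit workaround above, as an added defensive example that is not part of this advisory or of MMR itself: a sliding-window counter over constructed access-log lines that flags source IPs fetching more remote-origin media through the unauthenticated download path than a chosen threshold allows. The log layout, the `local.example` homeserver name and the sample IPs are assumptions for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed sample: one request per line in a simplified
# "<ISO time> <client IP> <method> <path> <status>" layout
# (assumed format, not MMR's real log output).
SAMPLE_LOG = """\
2025-06-09T19:40:00 198.51.100.7 GET /_matrix/media/v3/download/remote.example/abc123 200
2025-06-09T19:40:01 198.51.100.7 GET /_matrix/media/v3/download/remote.example/abc124 200
2025-06-09T19:40:02 198.51.100.7 GET /_matrix/media/v3/download/remote.example/abc125 200
2025-06-09T19:40:03 198.51.100.7 GET /_matrix/media/v3/download/remote.example/abc126 200
2025-06-09T19:40:04 203.0.113.9 GET /_matrix/media/v3/download/local.example/xyz789 200
2025-06-09T19:40:05 203.0.113.9 GET /_matrix/media/v3/download/remote.example/abc127 200
2025-06-09T19:41:30 198.51.100.7 GET /_matrix/media/v3/download/remote.example/abc128 200
"""

LOCAL_SERVER = "local.example"  # assumed name of our own homeserver
DOWNLOAD_PREFIX = "/_matrix/media/v3/download/"


def is_remote_fetch(path: str) -> bool:
    """True when the download path names media owned by another homeserver,
    i.e. a request that would make MMR pull and cache remote content."""
    if not path.startswith(DOWNLOAD_PREFIX):
        return False
    parts = path[len(DOWNLOAD_PREFIX):].split("/", 1)
    return len(parts) == 2 and parts[0] != LOCAL_SERVER


def find_offending_ips(log_text: str, limit: int = 3, window_s: int = 60) -> set:
    """Return the IPs that issued more than `limit` remote-media fetches
    inside any sliding window of `window_s` seconds."""
    windows: dict = {}   # ip -> deque of request timestamps within the window
    flagged = set()
    for line in log_text.splitlines():
        ts, ip, _method, path, _status = line.split()
        if not is_remote_fetch(path):
            continue   # local media: not the injection vector discussed here
        when = datetime.fromisoformat(ts)
        q = windows.setdefault(ip, deque())
        q.append(when)
        while when - q[0] > timedelta(seconds=window_s):
            q.popleft()  # drop requests that fell out of the window
        if len(q) > limit:
            flagged.add(ip)
    return flagged
```

Run as a periodic job over the real access log, the flagged set is what a firewall or reverse-proxy rate limit would block until the upgrade to 1.3.5 is in place.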

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 2.5
exploitability: 8.1
remediation: 7.9
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.