
CVE-2024-53867 – Synapse Matrix has a partial room state leak via Sliding Sync
https://notcve.org/view.php?id=CVE-2024-53867
03 Dec 2024 — Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. This vulnerability is fixed in 1.120.1. • https://github.com/element-hq/synapse/security/advisories/GHSA-56w4-5538-8v8h • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVE-2024-53863 – Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders
https://notcve.org/view.php?id=CVE-2024-53863
03 Dec 2024 — Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamic_thumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially invoking external tools like Ghostscript for processing. This significantly expands the attack surface in a historically vulnerable area, presenting a risk that far outweighs the benefit, particularly since these formats are rarely used on the open web or wit... • https://github.com/element-hq/synapse/security/advisories/GHSA-vp6v-whfm-rv3g • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2024-51750 – Element allows a malicious homeserver to modify events, leading to unrenderable events or rooms
https://notcve.org/view.php?id=CVE-2024-51750
12 Nov 2024 — Element is a Matrix web client built using the Matrix React SDK. A malicious homeserver can send invalid messages over federation which can prevent Element Web and Desktop from rendering single messages or the entire room containing them. This was patched in Element Web and Desktop 1.11.85. • https://github.com/element-hq/element-web/commit/231073c578d5f92b33cde7aa2b0b9c5836b2dc48 • CWE-248: Uncaught Exception •

CVE-2024-51749 – Element's thumbnails can be abused to misrepresent the content of an attachment
https://notcve.org/view.php?id=CVE-2024-51749
12 Nov 2024 — Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events that trigger a file download once clicked. Fixed in element-web 1.11.85. • https://github.com/element-hq/element-web/commit/a00c343435d633e64de2c0548217aa611c7bbef5 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •

CVE-2024-47779 – Element Web vulnerable to potential exposure of access token via authenticated media
https://notcve.org/view.php?id=CVE-2024-47779
15 Oct 2024 — Element is a Matrix web client built using the Matrix React SDK. Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involving malicious widgets, but other vectors may exist. Note that despite superficial similarity to CVE-2024-47771, this is an entirely separate vulnerability, caused by a separate piece of code included only in Eleme... • https://github.com/element-hq/element-web/security/advisories/GHSA-3jm3-x98c-r34x • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2024-47771 – Element Desktop vulnerable to potential exposure of access token via authenticated media
https://notcve.org/view.php?id=CVE-2024-47771
15 Oct 2024 — Element Desktop is a Matrix client for desktop platforms. Element Desktop versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involving malicious widgets, but other vectors may exist. Users are strongly advised to upgrade to version 1.11.81 to remediate the issue. As a workaround, avoid granting permissions to untrusted widgets. • https://github.com/element-hq/element-desktop/commit/6c78684e84ba7f460aedba6f017760e2323fdf4b • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2024-31208 – Synapse's V2 state resolution weakness allows DoS from remote room members
https://notcve.org/view.php?id=CVE-2024-31208
23 Apr 2024 — Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induce high CPU consumption and accumulate excessive data in the database of such instances, resulting in a denial of service. Servers in private federations, or those that do not federate, are not affected. Server administrators should upgrade to 1.105.1 or lat... • https://github.com/element-hq/synapse/commit/55b0aa847a61774b6a3acdc4b177a20dc019f01a • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2024-26132 – Element Android can be asked to share internal files.
https://notcve.org/view.php?id=CVE-2024-26132
20 Feb 2024 — Element Android is an Android Matrix Client. A third-party malicious application installed on the same phone can force Element Android, version 0.91.0 through 1.6.12, to share files stored under the `files` directory in the application's private data directory to an arbitrary room. The impact of the attack is reduced by the fact that the databases stored in this folder are encrypted. However, it contains some other potentially sensitive information, such as the FCM token. Forks of Element Android which have... • https://element.io/blog/security-release-element-android-1-6-12 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2024-26131 – Element Android Intent Redirection
https://notcve.org/view.php?id=CVE-2024-26131
20 Feb 2024 — Element Android is an Android Matrix Client. Element Android version 1.4.3 through 1.6.10 is vulnerable to intent redirection, allowing a third-party malicious application to start any internal activity by passing some extra parameters. Possible impact includes making Element Android display an arbitrary web page, executing arbitrary JavaScript; bypassing PIN code protection; and account takeover by spawning a login screen to send credentials to an arbitrary home server. This issue is fixed in Element Andro... • https://element.io/blog/security-release-element-android-1-6-12 • CWE-923: Improper Restriction of Communication Channel to Intended Endpoints • CWE-940: Improper Verification of Source of a Communication Channel •