CVE-2020-26890
https://notcve.org/view.php?id=CVE-2020-26890
24 Nov 2020 — Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into the room's state, the impact is long-lasting and is not fixed by an upgrade to a newer version, requiring the event to be manually redacted instead. Since events are replicated to servers of other room members, the im... • https://github.com/matrix-org/synapse/security/advisories/GHSA-4mp3-385r-v63f • CWE-20: Improper Input Validation •
CVE-2020-26891
https://notcve.org/view.php?id=CVE-2020-26891
19 Oct 2020 — AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the /_matrix/client/r0/auth/*/fallback/web or /_matrix/client/unstable/auth/*/fallback/web Synapse endpoints. • https://github.com/matrix-org/synapse/pull/8444 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-18835
https://notcve.org/view.php?id=CVE-2019-18835
07 Nov 2019 — Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers. • https://github.com/matrix-org/synapse/pull/6262 • CWE-345: Insufficient Verification of Data Authenticity •
CVE-2019-11842 – Ubuntu Security Notice USN-6076-1
https://notcve.org/view.php?id=CVE-2019-11842
09 May 2019 — An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID. • https://matrix.org/blog/2019/05/03/security-updates-sydent-1-0-3-synapse-0-99-3-1-and-riot-android-0-9-0-0-8-99-0-8-28-a • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVE-2019-5885
https://notcve.org/view.php?id=CVE-2019-5885
19 Mar 2019 — Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/32Y6KD3OAHCG5P33HC2QEX3NUZOSXCGZ • CWE-330: Use of Insufficiently Random Values •
CVE-2018-16515
https://notcve.org/view.php?id=CVE-2018-16515
18 Sep 2018 — Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation. • https://github.com/matrix-org/synapse/issues/3796#event-1833126269 • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2018-12423
https://notcve.org/view.php?id=CVE-2018-12423
14 Jun 2018 — In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force. • https://bugs.debian.org/901549 •
CVE-2018-12291
https://notcve.org/view.php?id=CVE-2018-12291
13 Jun 2018 — The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied correctly. • https://github.com/matrix-org/synapse/pull/3371 •
CVE-2018-10657 – Ubuntu Security Notice USN-6076-1
https://notcve.org/view.php?id=CVE-2018-10657
02 May 2018 — Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the wild in April 2018. • https://github.com/matrix-org/synapse/commit/33f469ba19586bbafa0cf2c7d7c35463bdab87eb • CWE-20: Improper Input Validation •
CVE-2017-15708 – Gentoo Linux Security Advisory 202107-37
https://notcve.org/view.php?id=CVE-2017-15708
11 Dec 2017 — In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. And the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions in Synapse distribution makes this exploitable. To mitigate the issue, we need to limit RMI access to tru... • https://github.com/HuSoul/CVE-2017-15708 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •