CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21273 – Open redirects on some federation and push requests
https://notcve.org/view.php?id=CVE-2021-21273
26 Feb 2021 — Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key validity for third-party invite events and sending push notifications. This could cause Synapse to make requests to internal infrastructure. The type of request was not controlled by the user, although limited modi... • https://github.com/matrix-org/synapse/commit/30fba6210834a4ecd91badf0c8f3eb278b72e746 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21274 – Denial of service attack via .well-known lookups
https://notcve.org/view.php?id=CVE-2021-21274
26 Feb 2021 — Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead to a denial of service attack where homeservers will consume significantly more resources when requesting the .well-known file of a malicious homeserver. This affects any server which accepts federation requests fr... • https://github.com/matrix-org/synapse/commit/ff5c4da1289cb5e097902b3e55b771be342c29d6 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-26257 – Denial of service attack via incorrect parameters to federation APIs
https://notcve.org/view.php?id=CVE-2020-26257
09 Dec 2020 — Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a `/send_join`, `/send_leave`, `/invite` or `/exchange_third_party_invite` request. This can lead to a denial of service in which future events will not be correctly sent to other servers over federation. This affects any server which accepts fed... • https://github.com/matrix-org/synapse/blob/develop/CHANGES.md#synapse-1231-2020-12-09 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-26890
https://notcve.org/view.php?id=CVE-2020-26890
24 Nov 2020 — Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into the room's state, the impact is long-lasting and is not fixed by an upgrade to a newer version, requiring the event to be manually redacted instead. Since events are replicated to servers of other room members, the im... • https://github.com/matrix-org/synapse/security/advisories/GHSA-4mp3-385r-v63f • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-26891
https://notcve.org/view.php?id=CVE-2020-26891
19 Oct 2020 — AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the /_matrix/client/r0/auth/*/fallback/web or /_matrix/client/unstable/auth/*/fallback/web Synapse endpoints. AuthRestServlet en Matrix Synapse versiones anteriores a 1.21.0 es vulnerable a XSS debido a la interpolación insegura del parámetr... • https://github.com/matrix-org/synapse/pull/8444 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18835
https://notcve.org/view.php?id=CVE-2019-18835
07 Nov 2019 — Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers. Matrix Synapse versiones anteriores a 1.5.0, maneja inapropiadamente la comprobación de firmas en algunas API federation. Los eventos enviados mediante /send_join, /send_leave, y /invite pueden no estar firmados correctamente o no pueden provenir de los servidores esperados. • https://github.com/matrix-org/synapse/pull/6262 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-11842 – Ubuntu Security Notice USN-6076-1
https://notcve.org/view.php?id=CVE-2019-11842
09 May 2019 — An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID. Se descubrió un problema en Matrix Sydent, versiones anteriores a 1.0.3, y en Synapse, versiones anteriores a 0.99.3.1. La generación de números aleatorios se maneja incorrectamente, lo que facilita a los atacantes la predicción de un token de autenticación de Sydent o un ID aleatorio de... • https://matrix.org/blog/2019/05/03/security-updates-sydent-1-0-3-synapse-0-99-3-1-and-riot-android-0-9-0-0-8-99-0-8-28-a • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-5885
https://notcve.org/view.php?id=CVE-2019-5885
19 Mar 2019 — Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users. Matrix Synapse, en versiones anteriores a la 0.34.0.1, cuando el parámetro de autenticación macaroon_secret_key no se establece, emplea un valor predecible para obtener una clave secreta y otros secretos, lo que podría permitir que los atacantes remotos suplanten usuarios. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/32Y6KD3OAHCG5P33HC2QEX3NUZOSXCGZ • CWE-330: Use of Insufficiently Random Values •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-16515
https://notcve.org/view.php?id=CVE-2018-16515
18 Sep 2018 — Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation. Matrix Synapse en versiones anteriores a la 0.33.3.1 permite que atacantes remotos suplanten eventos y provoquen otro tipo de impacto sin especificar aprovechando la validación incorrecta de firmas de transacciones y eventos. • https://github.com/matrix-org/synapse/issues/3796#event-1833126269 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12423
https://notcve.org/view.php?id=CVE-2018-12423
14 Jun 2018 — In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force. En Synapse en versiones anteriores a la 0.31.2, los usuarios no autorizados pueden secuestrar salas cuando no hay ningún evento m.room.power_levels en aplicación. • https://bugs.debian.org/901549 •