CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-26890
https://notcve.org/view.php?id=CVE-2020-26890
Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into the room's state, the impact is long-lasting and is not fixed by an upgrade to a newer version, requiring the event to be manually redacted instead. Since events are replicated to servers of other room members, the impact is not constrained to the server of the event sender. Matrix Synapse versiones anteriores a 1.20.0, permite erróneamente valores de JSON NaN, Infinity e -Infinity no estándar en campos de eventos m.room.member, permitiendo a atacantes remotos ejecutar un ataque de denegación de servicio contra la federación y unos clientes comunes de Matrix. Si un evento malformado es aceptado en el estado de la sala, el impacto es duradero y no es corregido con una actualización a una versión más nueva, requiriendo que el evento sea redactado manualmente. • https://github.com/matrix-org/synapse/security/advisories/GHSA-4mp3-385r-v63f https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G7YXMMYQP46PYL664JQUXCA3LPBJU7DQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U34DPP4ZLOEDUY2ZCWOHQPU5GA5LYNUQ • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-26891
https://notcve.org/view.php?id=CVE-2020-26891
AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the /_matrix/client/r0/auth/*/fallback/web or /_matrix/client/unstable/auth/*/fallback/web Synapse endpoints. AuthRestServlet en Matrix Synapse versiones anteriores a 1.21.0 es vulnerable a XSS debido a la interpolación insegura del parámetro GET de la sesión. Esto permite a un atacante remoto ejecutar un ataque XSS en el dominio en el que está alojado Synapse, suministrando al usuario víctima una URL maliciosa a los puntos finales de /_matrix/cliente/r0/auth/*/fallback/web o /_matrix/cliente/instable/auth/*/fallback/web Synapse • https://github.com/matrix-org/synapse/pull/8444 https://github.com/matrix-org/synapse/releases/tag/v1.21.2 https://github.com/matrix-org/synapse/security/advisories/GHSA-3x8c-fmpc-5rmq https://matrix.org/blog/2020/10/15/synapse-1-21-2-released-and-security-advisory • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18835
https://notcve.org/view.php?id=CVE-2019-18835
Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers. Matrix Synapse versiones anteriores a 1.5.0, maneja inapropiadamente la comprobación de firmas en algunas API federation. Los eventos enviados mediante /send_join, /send_leave, y /invite pueden no estar firmados correctamente o no pueden provenir de los servidores esperados. • https://github.com/matrix-org/synapse/pull/6262 https://github.com/matrix-org/synapse/releases/tag/v1.5.0 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-11842
https://notcve.org/view.php?id=CVE-2019-11842
An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID. Se descubrió un problema en Matrix Sydent, versiones anteriores a 1.0.3, y en Synapse, versiones anteriores a 0.99.3.1. La generación de números aleatorios se maneja incorrectamente, lo que facilita a los atacantes la predicción de un token de autenticación de Sydent o un ID aleatorio de Synapse. • https://matrix.org/blog/2019/05/03/security-updates-sydent-1-0-3-synapse-0-99-3-1-and-riot-android-0-9-0-0-8-99-0-8-28-a • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-5885
https://notcve.org/view.php?id=CVE-2019-5885
Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users. Matrix Synapse, en versiones anteriores a la 0.34.0.1, cuando el parámetro de autenticación macaroon_secret_key no se establece, emplea un valor predecible para obtener una clave secreta y otros secretos, lo que podría permitir que los atacantes remotos suplanten usuarios. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/32Y6KD3OAHCG5P33HC2QEX3NUZOSXCGZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMCLO5PUPBA756UKY72PKUWL4RRM4W6K https://matrix.org/blog/2019/01/10/critical-security-update-synapse-0-34-0-1-synapse-0-34-1-1 https://matrix.org/blog/2019/01/15/further-details-on-critical-security-update-in-synapse-affecting-all-versions-prior-to-0-34-1-cve-2019-5885 • CWE-330: Use of Insufficiently Random Values •