CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21273 – Open redirects on some federation and push requests
https://notcve.org/view.php?id=CVE-2021-21273
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key validity for third-party invite events and sending push notifications. This could cause Synapse to make requests to internal infrastructure. The type of request was not controlled by the user, although limited modification of request bodies was possible. • https://github.com/matrix-org/synapse/commit/30fba6210834a4ecd91badf0c8f3eb278b72e746 https://github.com/matrix-org/synapse/pull/8821 https://github.com/matrix-org/synapse/releases/tag/v1.25.0 https://github.com/matrix-org/synapse/security/advisories/GHSA-v936-j8gp-9q3p https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21274 – Denial of service attack via .well-known lookups
https://notcve.org/view.php?id=CVE-2021-21274
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead to a denial of service attack where homeservers will consume significantly more resources when requesting the .well-known file of a malicious homeserver. This affects any server which accepts federation requests from untrusted servers. • https://github.com/matrix-org/synapse/commit/ff5c4da1289cb5e097902b3e55b771be342c29d6 https://github.com/matrix-org/synapse/pull/8950 https://github.com/matrix-org/synapse/releases/tag/v1.25.0 https://github.com/matrix-org/synapse/security/advisories/GHSA-2hwx-mjrm-v3g8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-26257 – Denial of service attack via incorrect parameters to federation APIs
https://notcve.org/view.php?id=CVE-2020-26257
Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a `/send_join`, `/send_leave`, `/invite` or `/exchange_third_party_invite` request. This can lead to a denial of service in which future events will not be correctly sent to other servers over federation. This affects any server which accepts federation requests from untrusted servers. • https://github.com/matrix-org/synapse/blob/develop/CHANGES.md#synapse-1231-2020-12-09 https://github.com/matrix-org/synapse/commit/3ce2f303f15f6ac3dc352298972dc6e04d9b7a8b https://github.com/matrix-org/synapse/pull/8776 https://github.com/matrix-org/synapse/security/advisories/GHSA-hxmp-pqch-c8mm https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DBTIU3ZNBFWZ56V4X7JIAD33V5H2GOMC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QR4MMYZKX5N5GYG • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-26890
https://notcve.org/view.php?id=CVE-2020-26890
Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into the room's state, the impact is long-lasting and is not fixed by an upgrade to a newer version, requiring the event to be manually redacted instead. Since events are replicated to servers of other room members, the impact is not constrained to the server of the event sender. Matrix Synapse versiones anteriores a 1.20.0, permite erróneamente valores de JSON NaN, Infinity e -Infinity no estándar en campos de eventos m.room.member, permitiendo a atacantes remotos ejecutar un ataque de denegación de servicio contra la federación y unos clientes comunes de Matrix. Si un evento malformado es aceptado en el estado de la sala, el impacto es duradero y no es corregido con una actualización a una versión más nueva, requiriendo que el evento sea redactado manualmente. • https://github.com/matrix-org/synapse/security/advisories/GHSA-4mp3-385r-v63f https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G7YXMMYQP46PYL664JQUXCA3LPBJU7DQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U34DPP4ZLOEDUY2ZCWOHQPU5GA5LYNUQ • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-26891
https://notcve.org/view.php?id=CVE-2020-26891
AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the /_matrix/client/r0/auth/*/fallback/web or /_matrix/client/unstable/auth/*/fallback/web Synapse endpoints. AuthRestServlet en Matrix Synapse versiones anteriores a 1.21.0 es vulnerable a XSS debido a la interpolación insegura del parámetro GET de la sesión. Esto permite a un atacante remoto ejecutar un ataque XSS en el dominio en el que está alojado Synapse, suministrando al usuario víctima una URL maliciosa a los puntos finales de /_matrix/cliente/r0/auth/*/fallback/web o /_matrix/cliente/instable/auth/*/fallback/web Synapse • https://github.com/matrix-org/synapse/pull/8444 https://github.com/matrix-org/synapse/releases/tag/v1.21.2 https://github.com/matrix-org/synapse/security/advisories/GHSA-3x8c-fmpc-5rmq https://matrix.org/blog/2020/10/15/synapse-1-21-2-released-and-security-advisory • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •