CVE-2020-26891
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 0
Exploited in Wild: -
Decision: -
Descriptions
AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the /_matrix/client/r0/auth/*/fallback/web or /_matrix/client/unstable/auth/*/fallback/web Synapse endpoints.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-10-08 CVE Reserved
- 2020-10-19 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-23 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (4)
URL | Tag | Date | Source
---|---|---|---
https://github.com/matrix-org/synapse/releases/tag/v1.21.2 | Release Notes | |
https://github.com/matrix-org/synapse/pull/8444 | | 2020-10-26 |
https://github.com/matrix-org/synapse/security/advisories/GHSA-3x8c-fmpc-5rmq | | 2020-10-26 |
https://matrix.org/blog/2020/10/15/synapse-1-21-2-released-and-security-advisory | | 2020-10-26 |