Lucene search

[email protected]CVE-2023-32683

HistoryJun 06, 2023 - 7:15 p.m.

CVE-2023-32683

2023-06-0619:15:11

CWE-918

CWE-863

[email protected]

web.nvd.nist.gov

114

synapse

matrix

protocol

server

ssrf

oembed

image url

ip blacklist

security

vulnerability

nvd

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.3%

JSON

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the url_preview_url_blacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the url_preview_ip_range_blacklist setting (by default this only allows public IPs) and by the limited information returned to the client: 1. For discovered oEmbed URLs, any non-JSON response or a JSON response which includes non-oEmbed information is discarded. 2. For discovered image URLs, any non-image response is discarded. Systems which have URL preview disabled (via the url_preview_enabled setting) or have not configured a url_preview_url_blacklist are not affected. This issue has been addressed in version 1.85.0. Users are advised to upgrade. User unable to upgrade may also disable URL previews.

Affected configurations

Vulners

NVD

Node

matrix-orgsynapseRange<1.85.0

CPENameOperatorVersion
matrix:synapsematrix synapselt1.85.0

CPE	Name	Operator	Version
matrix:synapse	matrix synapse	lt	1.85.0

CNA Affected

[
  {
    "vendor": "matrix-org",
    "product": "synapse",
    "versions": [
      {
        "version": "< 1.85.0",
        "status": "affected"
      }
    ]
  }
]