Lucene search

CVE-2023-41335

🗓️ 27 Sep 2023 15:30:19Reported by GitHub_MType

Synapse Matrix homeserver briefly stores updated user passwords in databas

Reporter	Title	Published	Views	Family All 23
Debian CVE	CVE-2023-41335	27 Sep 202315:19	–	debiancve
OSV	PYSEC-2023-185	27 Sep 202315:19	–	osv
OSV	matrix-synapse vulnerable to temporary storage of plaintext passwords during password changes	26 Sep 202318:55	–	osv
OSV	CVE-2023-41335	27 Sep 202315:19	–	osv
OSV	matrix-synapse-1.93.0-1.1 on GA media	15 Jun 202400:00	–	osv
Github Security Blog	matrix-synapse vulnerable to temporary storage of plaintext passwords during password changes	26 Sep 202318:55	–	github
AlpineLinux	CVE-2023-41335	27 Sep 202315:19	–	alpinelinux
UbuntuCve	CVE-2023-41335	27 Sep 202300:00	–	ubuntucve
NVD	CVE-2023-41335	27 Sep 202315:19	–	nvd
Prion	Authentication flaw	27 Sep 202315:19	–	prion

Nvd

Vulners

Node

matrix synapseRange1.66.0–1.93.0

Node

fedoraproject fedoraMatch37

fedoraproject fedoraMatch38

[
  {
    "vendor": "matrix-org",
    "product": "synapse",
    "versions": [
      {
        "version": ">= 1.66.0, < 1.93.0",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/matrix-org/synapse/security/advisories/GHSA-4f74-84v3-j9q5
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/65QPC55I4D27HIZP7H2NQ34EOXHPP4AO/
security	www.security.gentoo.org/glsa/202401-12
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/2AFB2Y3S2VCPCN5P2XCZTG24MBMZ7DM4/
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/N6P4QULVUE254WI7XF2LWWOGHCYVFXFY/
github	www.github.com/matrix-org/synapse/pull/16272

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

27 Sep 2023 15:19Current

4.3Medium risk

Vulners AI Score4.3

CVSS33.7

EPSS0.001

CWE-312