Lucene search
GitHub_MCVELIST:CVE-2022-39335HistoryMay 26, 2023 - 1:36 p.m.
CVE-2022-39335 Synapse does not apply enough checks to servers requesting auth events of events in a room
2023-05-2613:36:56
CWE-200
GitHub_M
raw.githubusercontent.com
synapse
matrix homeserver
authorization events
matrix federation api
open-source
security issue
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorization events in a room. This is necessary so that a homeserver receiving some events can validate that those events are legitimate and permitted in their room. However, in versions of Synapse up to and including 1.68.0, a Synapse homeserver answering a query for authorization events does not sufficiently check that the requesting server should be able to access them. The issue was patched in Synapse 1.69.0. Homeserver administrators are advised to upgrade.
Related
nessus
nessus
Fedora 37 : matrix-synapse (2023-eb65439ec0)
2023-06-12 00:00:00
veracode
veracode
Access Restriction Bypass
2023-06-02 05:33:46
osv
osv
CVE-2022-39335
2023-05-26 14:15:09
PYSEC-2023-65
2023-05-26 14:15:00
ubuntucve
ubuntucve
CVE-2022-39335
2023-05-26 00:00:00
cve
cve
CVE-2022-39335
2023-05-26 14:15:00
fedora
fedora
[SECURITY] Fedora 37 Update: matrix-synapse-1.63.1-3.fc37
2023-06-11 01:59:34
prion
prion
Authorization
2023-05-26 14:15:00
alpinelinux
alpinelinux
CVE-2022-39335
2023-05-26 14:15:00
github
github
debiancve
debiancve
CVE-2022-39335
2023-05-26 14:15:00
openvas
openvas
Fedora: Security Advisory for matrix-synapse (FEDORA-2023-eb65439ec0)
2023-06-12 00:00:00