Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
fedoraFedoraFEDORA:5FC3620BA6B9
HistoryJun 17, 2023 - 1:24 a.m.

[SECURITY] Fedora 38 Update: matrix-synapse-1.85.2-1.fc38

2023-06-1701:24:03
lists.fedoraproject.org
7
fedora 38
update
matrix-synapse
instant messaging
voip
ecosystem
synapse
homeserver
python
twisted
federated
unix

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

4.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.1%

JSON

Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference “homeserver” implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in the context of a coded base and let you run your own homeserver and generally help bootstrap the ecosystem.

OSVersionArchitecturePackageVersionFilename
Fedora38anymatrix-synapse< 1.85.2UNKNOWN

Related

nessus 1
openvas 1
debiancve 2
alpinelinux 2
cvelist 2
nvd 2
osv 6
github 2
prion 2
ubuntucve 2
cve 2
veracode 3
nessus
nessus
Fedora 38 : matrix-synapse (2023-56760afca8)
2023-06-16 00:00:00
openvas
openvas
Fedora: Security Advisory for matrix-synapse (FEDORA-2023-56760afca8)
2023-06-19 00:00:00
debiancve
debiancve
CVE-2023-32683
2023-06-06 19:15:11
CVE-2023-32682
2023-06-06 19:15:11
alpinelinux
alpinelinux
CVE-2023-32683
2023-06-06 19:15:11
CVE-2023-32682
2023-06-06 19:15:11
cvelist
cvelist
CVE-2023-32683 URL deny list bypass via oEmbed and image URLs when generating previews in Synapse
2023-06-06 18:24:30
CVE-2023-32682 Improper checks for deactivated users during login in synapse
2023-06-06 18:20:14
nvd
nvd
CVE-2023-32683
2023-06-06 19:15:11
CVE-2023-32682
2023-06-06 19:15:11
osv
osv
Synapse has URL deny list bypass via oEmbed and image URLs when generating previews
2023-06-06 16:41:34
PYSEC-2023-84
2023-06-06 19:15:00
Synapse has improper checks for deactivated users during login
2023-06-06 16:40:42
github
github
Synapse has URL deny list bypass via oEmbed and image URLs when generating previews
2023-06-06 16:41:34
Synapse has improper checks for deactivated users during login
2023-06-06 16:40:42
prion
prion
Server side request forgery (ssrf)
2023-06-06 19:15:00
Design/Logic Flaw
2023-06-06 19:15:00
ubuntucve
ubuntucve
CVE-2023-32682
2023-06-06 00:00:00
CVE-2023-32683
2023-06-06 00:00:00
cve
cve
CVE-2023-32682
2023-06-06 19:15:11
CVE-2023-32683
2023-06-06 19:15:11
veracode
veracode
Missing Authorization Checks
2023-09-13 09:51:18
Authorization Bypass
2023-06-16 11:15:44
Server-Side Request Forgery
2023-06-16 11:49:32

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

4.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.1%

JSON
Related for FEDORA:5FC3620BA6B9
nessus1openvas1debiancve2alpinelinux2cvelist2nvd2osv6github2prion2ubuntucve2cve2veracode3