Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
fedoraFedoraFEDORA:BB2EE307F420
HistoryAug 02, 2021 - 1:05 a.m.

[SECURITY] Fedora 34 Update: matrix-synapse-1.38.1-1.fc34

2021-08-0201:05:20
lists.fedoraproject.org
10

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

5.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

57.3%

JSON

Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference “homeserver” implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in the context of a coded base and let you run your own homeserver and generally help bootstrap the ecosystem.

OSVersionArchitecturePackageVersionFilename
Fedora34anymatrix-synapse< 1.38.1UNKNOWN

Related

openvas 1
cvelist 8
osv 24
prion 8
github 8
veracode 9
debiancve 8
nvd 8
cve 8
ubuntucve 8
freebsd 1
nessus 1
redhatcve 3
archlinux 1
alpinelinux 1
openvas
openvas
Fedora: Security Advisory for matrix-synapse (FEDORA-2021-a627cfd31e)
2021-08-02 00:00:00
cvelist
cvelist
CVE-2021-21273 Open redirects on some federation and push requests
2021-02-26 17:25:29
CVE-2021-21333 HTML injection in email and account expiry notifications
2021-03-26 20:00:19
CVE-2021-21274 Denial of service attack via .well-known lookups
2021-02-26 17:25:16
osv
osv
Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints
2021-04-13 15:12:40
Denial of service attack via .well-known lookups
2021-03-01 19:34:54
PYSEC-2021-134
2021-03-26 20:15:00
prion
prion
Design/Logic Flaw
2021-03-26 20:15:00
Cross site request forgery (csrf)
2021-02-26 18:15:00
Input validation
2021-04-12 22:15:00
github
github
HTML injection in email and account expiry notifications
2021-03-26 19:53:04
Open redirects on some federation and push requests
2021-02-26 17:28:34
Cross-site scripting (XSS) vulnerability in the password reset endpoint
2021-03-26 19:52:54
veracode
veracode
Insecure Access Controls
2021-02-28 01:22:05
HTML Injection
2021-03-27 22:52:41
Denial Of Service (DoS)
2021-04-13 15:33:42
debiancve
debiancve
CVE-2021-21274
2021-02-26 18:15:12
CVE-2021-21333
2021-03-26 20:15:11
CVE-2021-21332
2021-03-26 20:15:11
nvd
nvd
CVE-2021-21393
2021-04-12 22:15:13
CVE-2021-21273
2021-02-26 18:15:12
CVE-2021-21332
2021-03-26 20:15:11
cve
cve
CVE-2021-21274
2021-02-26 18:15:12
CVE-2021-21273
2021-02-26 18:15:12
CVE-2021-21333
2021-03-26 20:15:11
ubuntucve
ubuntucve
CVE-2021-21333
2021-03-26 00:00:00
CVE-2021-21273
2021-02-26 00:00:00
CVE-2021-29471
2021-05-11 00:00:00
freebsd
freebsd
py-matrix-synapse -- malicious push rules may be used for a denial of service attack.
2021-05-11 00:00:00
nessus
nessus
FreeBSD : py-matrix-synapse -- malicious push rules may be used for a denial of service attack. (278561d7-b261-11eb-b788-901b0e934d69)
2021-05-12 00:00:00
redhatcve
redhatcve
CVE-2021-29471
2022-05-20 23:06:45
CVE-2021-21332
2022-05-20 23:25:56
CVE-2021-21394
2022-05-20 22:28:48
archlinux
archlinux
[ASA-202105-19] matrix-synapse: denial of service
2021-05-25 00:00:00
alpinelinux
alpinelinux
CVE-2021-29471
2021-05-11 15:15:08

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

5.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

57.3%

JSON
Related for FEDORA:BB2EE307F420
openvas1cvelist8osv24prion8github8veracode9debiancve8nvd8cve8ubuntucve8freebsd1nessus1redhatcve3archlinux1alpinelinux1