The vulnerability of the driver that enables the operation of RAID arrays in Matrix Storage Manager, due to deficiencies in access control, allows a hacker to increase their privileges.

The vulnerability of the driver that enables the operation of RAID arrays in Matrix Storage Manager is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain elevated privileges...

openSUSE Security Update : matrix-synapse (openSUSE-2019-475)

This update for matrix-synapse fixes the following security issue : - CVE-2018-12291: visibility rules were not applied correctly in the getmissingevents federation API boo1096833 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

User Impersonation

matrix-synapse is vulnerable to user impersonation. If a configuration parameter called macaroonsecretkey is not set, the authentication secret key is derived using a predictable value and other secrets, allowing remote attackers to impersonate users...

CVE-2019-5885

Matrix Synapse before 0.34.0.1, when the macaroonsecretkey authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users...

DEBIAN-CVE-2019-5885

Matrix Synapse before 0.34.0.1, when the macaroonsecretkey authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users...

CVE-2019-5885

Matrix Synapse before 0.34.0.1, when the macaroonsecretkey authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users...

Authentication flaw

Matrix Synapse before 0.34.0.1, when the macaroonsecretkey authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users...

PYSEC-2019-187

Matrix Synapse before 0.34.0.1, when the macaroonsecretkey authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users...

CVE-2019-5885

Matrix Synapse before 0.34.0.1, when the macaroonsecretkey authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users...

raiden (>=0.100.2 <=0.100.3rc1) potentially affected by CVE-2019-5885 via matrix-synapse (=0.33.9)

matrix-synapse PYPI version =0.33.9 is affected by a known vulnerability. The following packages have a transitive dependency on matrix-synapse and may be impacted: - raiden =0.100.2, =0.100.3rc1 Source cves: CVE-2019-5885 Source advisory: OSV:PYSEC-2019-187...

UBUNTU-CVE-2019-5885

Matrix Synapse before 0.34.0.1, when the macaroonsecretkey authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users...

PYSEC-2019-187

Matrix Synapse before 0.34.0.1, when the macaroonsecretkey authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users...

CVE-2019-5885

CVE-2019-5885 affects Matrix Synapse prior to 0.34.0.1. When the macaroon_secret_key parameter is not set, a predictable value is used to derive a secret key (and other secrets), which could allow remote attackers to impersonate users. The issue is documented across multiple sources (including a ...

CVE-2019-5885

Matrix Synapse before 0.34.0.1, when the macaroonsecretkey authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users...

CVE-2019-5885

Matrix Synapse before 0.34.0.1, when the macaroonsecretkey authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users...

Intel Matrix Storage Manager Privilege Permission and Access Control Issues Vulnerability

Intel Matrix Storage Manager is a matrix storage manager from Intel USA. The product is able to communicate with Intel I/O controllers, SATA ports. Intel Matrix Storage Manager is vulnerable to privilege permission and access control issues. An attacker could exploit this vulnerability to elevate...

CVE-2019-1003031

A flaw was found in the Jenkins Matrix Project plugin version 1.13. An attacker with Job/Configure permission can bypass the sandbox and can execute arbitrary code on the Jenkins master JVM. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

CVE-2019-0121

Improper permissions in IntelR Matrix Storage Manager 8.9.0.1023 and before may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2019-0121

Improper permissions in IntelR Matrix Storage Manager 8.9.0.1023 and before may allow an authenticated user to potentially enable escalation of privilege via local access...

Input validation

Improper permissions in IntelR Matrix Storage Manager 8.9.0.1023 and before may allow an authenticated user to potentially enable escalation of privilege via local access...