Lucene search
K

6 matches found

Tenable Nessus
Tenable Nessus
added 2023/06/16 12:0 a.m.18 views

Fedora 38 : matrix-synapse (2023-56760afca8)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-56760afca8 advisory. Update to v1.85.2 ---- Update to v1.85.1 ---- Update to v1.85.0 Fixes CVE-2023-32682, CVE-2023-32683 ---- Update to v1.84.1 Tenable has extracted th...

5.4CVSS6.2AI score0.00752EPSS
Exploits0References3
NVD
NVD
added 2023/06/06 7:15 p.m.14 views

CVE-2023-32683

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the urlpreviewurlblacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the...

5.4CVSS4.5AI score0.00605EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2023/06/06 7:15 p.m.8 views

matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-synapse-testutils (>=1.65.0.0 <=1.84.1.0) +7 more potentially affected by CVE-2023-32683 via matrix-synapse (>=0.33.9 <=1.84.1)

matrix-synapse PYPI version =0.33.9, =0.1.1, =1.65.0.0, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2023-32683 Source advisory: OSV:PYSEC-2023-85...

5.4CVSS6.2AI score0.00605EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2023/06/06 6:24 p.m.8 views

CVE-2023-32683 URL deny list bypass via oEmbed and image URLs when generating previews in Synapse

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the urlpreviewurlblacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the...

3.5CVSS6.9AI score0.00605EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2023/06/06 6:24 p.m.26 views

CVE-2023-32683

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the urlpreviewurlblacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the...

5.4CVSS4.6AI score0.00605EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/06/06 4:41 p.m.4 views

matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-synapse-testutils (>=1.65.0.0 <=1.84.1.0) +7 more potentially affected by CVE-2023-32683 via matrix-synapse (>=0.33.9 <=1.84.1)

matrix-synapse PYPI version =0.33.9, =0.1.1, =1.65.0.0, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2023-32683 Source advisory: OSV:GHSA-98PX-6486-J7QC...

5.4CVSS6.2AI score0.00605EPSS
Exploits0
Rows per page
Query Builder