Lucene search
K

7 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:16 a.m.4 views

SUSE CVE-2019-5885

Matrix Synapse before 0.34.0.1, when the macaroonsecretkey authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users...

7.5CVSS7.8AI score0.02418EPSS
Exploits0References3
OSV
OSV
added 2022/05/13 1:8 a.m.17 views

GHSA-JRQM-V8CV-53WW Matrix Synapse Predictable Secret Key

Matrix Synapse before 0.34.0.1, when the macaroonsecretkey authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users...

8.7CVSS7.5AI score0.02418EPSS
Exploits0References11
Github Security Blog
Github Security Blog
added 2022/05/13 1:8 a.m.22 views

Matrix Synapse Predictable Secret Key

Matrix Synapse before 0.34.0.1, when the macaroonsecretkey authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users...

7.5CVSS7.1AI score0.02418EPSS
Exploits0References11Affected Software1
Veracode
Veracode
added 2019/03/22 1:21 p.m.27 views

User Impersonation

matrix-synapse is vulnerable to user impersonation. If a configuration parameter called macaroonsecretkey is not set, the authentication secret key is derived using a predictable value and other secrets, allowing remote attackers to impersonate users...

7.5CVSS7.4AI score0.02418EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2019/03/21 4:1 p.m.3 views

DEBIAN-CVE-2019-5885

Matrix Synapse before 0.34.0.1, when the macaroonsecretkey authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users...

7.5CVSS7.1AI score0.02418EPSS
Exploits0References1
PyPA
PyPA
added 2019/03/21 4:1 p.m.7 views

PYSEC-2019-187

Matrix Synapse before 0.34.0.1, when the macaroonsecretkey authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users...

7.5CVSS7.1AI score0.02418EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2019/03/21 4:1 p.m.4 views

UBUNTU-CVE-2019-5885

Matrix Synapse before 0.34.0.1, when the macaroonsecretkey authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users...

7.5CVSS7.2AI score0.02418EPSS
Exploits0References4
Rows per page
Query Builder