Fedora 42 : matrix-synapse (2025-9e0e3043af)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-9e0e3043af advisory. Update to 1.135.2 ---- Update to 1.135.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

Sensitive Information Exposure

Matrix-synapse is vulnerable to information disclosure. The vulnerability is due to improper handling of Sliding Sync, which can leak partial room state changes to users who are no longer in a room, while non-state events remain unaffected...

raiden (>=0.100.2 <=0.100.3rc1) potentially affected by CVE-2024-31208 via matrix-synapse (=0.33.9)

matrix-synapse PYPI version =0.33.9 is affected by a known vulnerability. The following packages have a transitive dependency on matrix-synapse and may be impacted: - raiden =0.100.2, =0.100.3rc1 Source cves: CVE-2024-31208 Source advisory: OSV:PYSEC-2024-50...

matrix-server-isenguard (=0.1.1), matrix-synapse-testutils (>=1.65.0.0 <=1.84.1.0) +7 more potentially affected by CVE-2023-32683 via matrix-synapse (>=0.33.9 <=1.84.1)

matrix-synapse PYPI version =0.33.9, =1.65.0.0, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2023-32683 Source advisory: OSV:PYSEC-2023-85...

Matrix 资源管理错误漏洞

Matrix Synapse is a Matrix Management Server implementation from the Matrix Foundation in the UK. Matrix Synapse suffers from a security vulnerability that stems from the fact that if both Synapse and a malicious home server join the same room, the malicious home server can trick Synapse into...

matrix-server-isenguard (=0.1.1), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +6 more potentially affected by CVE-2022-31152 via matrix-synapse (>=0.33.9 <=1.152.1)

matrix-synapse PYPI version =0.33.9, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2022-31152 Source advisory: OSV:PYSEC-2022-262...

matrix-server-isenguard (=0.1.1), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +6 more potentially affected by CVE-2022-31052 via matrix-synapse (>=0.33.9 <=1.152.1)

matrix-synapse PYPI version =0.33.9, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2022-31052 Source advisory: OSV:GHSA-22P3-QRH9-CX32...

matrix-server-isenguard (=0.1.1), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +6 more potentially affected by CVE-2021-39164 via matrix-synapse (>=0.33.9 <=1.152.1)

matrix-synapse PYPI version =0.33.9, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2021-39164 Source advisory: OSV:PYSEC-2021-425...

Denial Of Service (DoS)

matrix-synapse is vulnerable to denial of service. The vulnerability exists due to missing input validation of some parameters on the endpoints used to confirm third-party identifiers...

matrix-server-isenguard (=0.1.1), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +6 more potentially affected by CVE-2021-21393 via matrix-synapse (>=0.33.9 <=1.152.1)

matrix-synapse PYPI version =0.33.9, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2021-21393 Source advisory: OSV:GHSA-JRH7-MHHX-6H88...

Matrix Synapse Cross-Site Scripting Vulnerability (CNVD-2021-24348)

Matrix Synapse is a Matrix Management Server implementation from the Matrix Foundation in the UK. A cross-site scripting vulnerability exists in Matrix Synapse versions prior to 1.27.0, which can be exploited by attackers to access cookies and other browser data...

matrix-server-isenguard (=0.1.1), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +6 more potentially affected by CVE-2021-21332 via matrix-synapse (>=0.33.9 <=1.152.1)

matrix-synapse PYPI version =0.33.9, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2021-21332 Source advisory: OSV:PYSEC-2021-133...

Matrix Synapse 资源管理错误漏洞

Matrix Synapse is a Matrix Management Server implementation from the Matrix Foundation in the UK. Matrix Synapse suffers from a security vulnerability that stems from the fact that a malicious or poorly implemented host server can inject malformed events by specifying different room ids in the pa...

matrix-server-isenguard (=0.1.1), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +6 more potentially affected by CVE-2020-26890 via matrix-synapse (>=0.33.9 <=1.152.1)

matrix-synapse PYPI version =0.33.9, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2020-26890 Source advisory: OSV:PYSEC-2020-237...

py-matrix-synapse -- multiple vulnerabilities

Matrix developers report: The synapse 1.7.1 release includes several security fixes as well as a fix to a bug exposed by the security fixes. All previous releases of Synapse are affected. Administrators are encouraged to upgrade as soon as possible. Fix a bug which could cause room events to be...