10 matches found
Improper Authentication
Matrix Media Repo MMR is vulnerable to Improper Authentication. The vulnerability is due to MMR's design, which allows unauthenticated remote participants to trigger the download and caching of remote media from a remote homeserver to the local repository, enabling adversaries to plant problemati...
GO-2025-3397 matrix-media-repo (MMR) allows unauthenticated writes to the media repository, which may allow planting of problematic content in github.com/t2bot/matrix-media-repo
matrix-media-repo MMR allows unauthenticated writes to the media repository, which may allow planting of problematic content in github.com/t2bot/matrix-media-repo...
CVE-2024-36402
CVE-2024-36402 affects Matrix Media Repo (MMR) prior to 1.3.5. Unauthenticated remote participants could trigger remote media download/cache into the local media repo, making content available for unauthenticated download and enabling planting problematic content. The issue is partially mitigated...
CVE-2024-36402 Unauthenticated writes to the media repository allow planting of problematic content in Matrix Media Repo
Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then...
matrix-media-repo (MMR) allows unauthenticated writes to the media repository, which may allow planting of problematic content
Impact MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the local homeserver in an unauthenticated wa...
GHSA-8VMR-H7H5-CQHG matrix-media-repo (MMR) allows unauthenticated writes to the media repository, which may allow planting of problematic content
Impact MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the local homeserver in an unauthenticated wa...
GHSA-GJGR-7834-RHXR Synapse's unauthenticated writes to the media repository allow planting of problematic content
Impact Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the local homeserver in an unauthenticate...
CVE-2024-37303 Synapse unauthenticated writes to the media repository allow planting of problematic content
Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the...
CVE-2024-37303 Synapse unauthenticated writes to the media repository allow planting of problematic content
Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the...
CVE-2024-37303
Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the...