Lucene search
K

7 matches found

OSV
OSV
added 2024/12/03 6:40 p.m.11 views

GHSA-GJGR-7834-RHXR Synapse's unauthenticated writes to the media repository allow planting of problematic content

Impact Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the local homeserver in an unauthenticate...

6.9CVSS5.5AI score0.00419EPSS
Exploits0References5
NVD
NVD
added 2024/12/03 5:15 p.m.19 views

CVE-2024-37303

Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the...

5.3CVSS0.00419EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2024/12/03 5:6 p.m.18 views

CVE-2024-37303

Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the...

5.3CVSS6.1AI score0.00419EPSS
Exploits0
Cvelist
Cvelist
added 2024/12/03 5:6 p.m.17 views

CVE-2024-37303 Synapse unauthenticated writes to the media repository allow planting of problematic content

Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the...

5.3CVSS0.00419EPSS
Exploits0References2
CVE
CVE
added 2024/12/03 5:6 p.m.83 views

CVE-2024-37303

CVE-2024-37303 concerns Synapse before version 1.106, where unauthenticated remote participants could trigger download and caching of remote media into the local media repository, making such content downloadable again from the local server unauthenticated. The underlying issue is an attack surfa...

5.3CVSS5.3AI score0.00419EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2024/12/03 5:6 p.m.29 views

CVE-2024-37303

Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the...

5.3CVSS7.4AI score0.00419EPSS
Exploits0
Schneier on Security
Schneier on Security
added 2022/05/31 9:12 a.m.20 views

Security and Human Behavior (SHB) 2022

Today is the second day of the fifteenth Workshop on Security and Human Behavior, hosted by Ross Anderson and Alice Hutchings at the University of Cambridge. After two years of having this conference remotely on Zoom, its nice to be back together in person. SHB is a small, annual, invitational...

Exploits0
Rows per page
Query Builder