Synapse@* Security Vulnerabilities and Issues — Synapse@* CVE List

Lucene search

MatrixSynapse*

4 matches found

CVE•added 2018/09/18 9:29 p.m.•57 views

CVE-2018-16515

Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.

8.8CVSS8.8AI score0.00569EPSS

CVE•added 2018/05/02 4:29 p.m.•55 views

CVE-2018-10657

Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the wild in April 2018.

7.5CVSS7.2AI score0.00402EPSS

CVE•added 2018/06/13 2:29 p.m.•44 views

CVE-2018-12291

The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied correctly.

7.5CVSS7.4AI score0.00211EPSS

CVE•added 2018/06/14 9:29 p.m.•43 views

CVE-2018-12423

In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force.

7.5CVSS7.4AI score0.00349EPSS