Lucene search

9 matches found

CVE
added 2023/06/06 7:15 p.m. | 146 views

CVE-2023-32682

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the jwt_...

CVSS 5.4 | AI score 5.3 | EPSS 0.00675

CVE
added 2023/06/06 7:15 p.m. | 136 views

CVE-2023-32683

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the url_preview_url_blacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the ur...

CVSS 5.4 | AI score 4.4 | EPSS 0.00251

CVE
added 2023/09/27 3:19 p.m. | 73 views

CVE-2023-41335

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the users' passwords as pa...

CVSS 3.7 | AI score 4.3 | EPSS 0.00076

CVE
added 2023/05/26 2:15 p.m. | 69 views

CVE-2022-39335

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorization events in a room. This is necessary so that a homeserver receiving some events can validate that those events are legitim...

CVSS 5 | AI score 5.1 | EPSS 0.00129

CVE
added 2023/09/27 3:19 p.m. | 61 views

CVE-2023-42453

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event (if they knew the room ID and event ID). Note that the users were not able to view the events, but simply mark it as read. This could be confusing as...

CVSS 4.3 | AI score 4.4 | EPSS 0.00097

CVE
added 2023/05/26 2:15 p.m. | 52 views

CVE-2022-39374

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious homeserver are both joined to the same room, the malicious homeserver can trick Synapse into accepting previously rejected events into its view of the current state of that ro...

CVSS 6.5 | AI score 6.2 | EPSS 0.00158

CVE
added 2023/10/31 5:15 p.m. | 51 views

CVE-2023-43796

Synapse is an open-source Matrix homeserver. Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver. System administrators are encouraged to upgrade to Synapse 1.95.1 or 1.96....

CVSS 5.3 | AI score 5 | EPSS 0.00167

CVE
added 2023/05/26 2:15 p.m. | 50 views

CVE-2023-32323

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. A malicious user on a Synapse homeserver X with permission to create certain state events can disable outbound federation from X to an arbitrary homeserver Y. Synapse instances with federation disabled ...

CVSS 5 | AI score 4.8 | EPSS 0.00127

CVE
added 2023/10/10 6:15 p.m. | 45 views

CVE-2023-45129

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation (which presu...

CVSS 4.9 | AI score 4.9 | EPSS 0.00252