CVE-2018-16515

2018-09-18T00:00:00
ID UB:CVE-2018-16515
Type ubuntucve
Reporter ubuntu.com
Modified 2018-09-18T00:00:00

Description

Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.

Bugs

  • <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908044>

Notes

Author| Note
---|---
msalvatore | This CVE covers a few problems. To exploit the first, you must be "the administrator of any server in a room". To exploit the second two requires a "malicious server".