Lucene search
Veracode Vulnerability DatabaseVERACODE:36782HistoryAug 22, 2022 - 5:58 a.m.
Authorization Bypass
2022-08-2205:58:55
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
github
matrix-org
dendrite
authorization bypass
software vulnerability
eventcontent.go
power levels
server rejection
EPSS
0.002
Percentile
60.7%
github.com/matrix-org/dendrite is vulnerable to authorization bypass. The vulnerability exists in the events_default level in m.room.power_levels events of eventcontent.go when defaulting the event default power level to zero in all cases, resulting in events either being incorrectly authorized or rejected by dendrite servers.
References
Related
osv
osv
gomatrixserverlib and Dendrite vulnerable to incorrect parsing of the event default power level in event auth
2022-08-30 19:54:34
Incorrect event parsing in github.com/matrix-org/gomatrixserverlib
2022-08-22 18:08:50
CVE-2022-36009
2022-08-19 21:15:08
cvelist
cvelist
alpinelinux
alpinelinux
CVE-2022-36009
2022-08-19 21:15:00
github
github
cve
cve
CVE-2022-36009
2022-08-19 21:15:08
nvd
nvd
CVE-2022-36009
2022-08-19 21:15:08
prion
prion
Design/Logic Flaw
2022-08-19 21:15:00
freebsd
freebsd
dendrite -- Incorrect parsing of the event default power level in event auth
2022-08-15 00:00:00