Veracode Vulnerability Database: VERACODE:40930
Authorization Bypass
Published: Jun 16, 2023 - 11:15 a.m. (2023-06-16 11:15:44)
Source: sca.analysiscenter.veracode.com

Tags: matrix-synapse, authorization bypass, user deactivation, json web tokens, login, password database, admin api

CVSS3 score: 5.4 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS: 0.001 Low
Percentile: 48.0%

matrix-synapse is vulnerable to Authorization Bypass. The vulnerability exists because it does not properly validate the deactivated status of users at login time, which allows a user to log in even if their account is deactivated. Note that this vulnerability only applies if JSON Web Tokens are enabled for login via the jwt_config.enabled configuration setting, the local password database is enabled via the password_config.enabled and password_config.localdb_enabled configuration settings, and a user's password is updated via an admin API after the user is deactivated.
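The sequence described above (deactivate, then admin password reset, then JWT login), as an added illustration that is not Synapse's own code: a minimal account-state model with the login check in its vulnerable and hardened shapes. It assumes, for illustration only, that deactivation drops the stored password entry and that the login path treats a present entry as proof the account is live; the names UserStore, deactivate, admin_set_password and jwt_login_* are hypothetical.

```python
# Added example, not Synapse's code: a simplified model of the deactivation
# and login flow to show why the deactivated flag must be checked at login.
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple


@dataclass
class User:
    name: str
    password_hash: Optional[str] = None
    deactivated: bool = False


@dataclass
class UserStore:
    users: Dict[str, User] = field(default_factory=dict)

    def register(self, name: str, pw_hash: str) -> None:
        self.users[name] = User(name, pw_hash)

    def deactivate(self, name: str) -> None:
        # Assumption: deactivation flags the account and drops its credential.
        u = self.users[name]
        u.deactivated = True
        u.password_hash = None

    def admin_set_password(self, name: str, pw_hash: str) -> None:
        # An admin reset restores a credential but leaves the flag untouched.
        self.users[name].password_hash = pw_hash


def jwt_login_vulnerable(store: UserStore, claimed_user: str) -> bool:
    # Only checks that the account exists with a usable password entry;
    # the deactivated flag is never consulted.
    u = store.users.get(claimed_user)
    return u is not None and u.password_hash is not None


def jwt_login_hardened(store: UserStore, claimed_user: str) -> bool:
    # Same lookup, but a deactivated account is refused whatever its credential.
    u = store.users.get(claimed_user)
    return u is not None and not u.deactivated and u.password_hash is not None


def scenario(login: Callable[[UserStore, str], bool]) -> Tuple[bool, bool]:
    # Returns (blocked right after deactivation, allowed after admin reset).
    store = UserStore()
    store.register("alice", "hash1")  # constructed sample account
    store.deactivate("alice")
    blocked_before_reset = not login(store, "alice")
    store.admin_set_password("alice", "hash2")
    allowed_after_reset = login(store, "alice")
    return blocked_before_reset, allowed_after_reset
```

Both versions refuse the login immediately after deactivation; only the hardened check keeps refusing once an admin has set a new password.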
