CVSS3
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
EPSS
Percentile: 30.1%
Synapse is vulnerable to Plaintext Password Storage. The vulnerability is due to the brief storage of updated credentials in the server database, which could result in passwords being inadvertently captured in database backups for a longer duration than anticipated.
github.com/advisories/GHSA-4f74-84v3-j9q5
github.com/matrix-org/synapse/commit/69b74d9330e42fc91a9c7423d00a06cd6d3732bf
github.com/matrix-org/synapse/pull/16272
github.com/matrix-org/synapse/security/advisories/GHSA-4f74-84v3-j9q5
lists.fedoraproject.org/archives/list/[email protected]/message/2AFB2Y3S2VCPCN5P2XCZTG24MBMZ7DM4/
lists.fedoraproject.org/archives/list/[email protected]/message/65QPC55I4D27HIZP7H2NQ34EOXHPP4AO/
lists.fedoraproject.org/archives/list/[email protected]/message/N6P4QULVUE254WI7XF2LWWOGHCYVFXFY/
security.gentoo.org/glsa/202401-12