Vulmon
matrix synapse vulnerabilities and exploits
5
CVSSv2
CVE-2019-11842
An issue exists in Matrix Sydent prior to 1.0.3 and Synapse prior to 0.99.3.1. Random number generation is mishandled, which makes it easier for malicious users to predict a Sydent authentication token or a Synapse random ID.
Matrix Synapse
Matrix Sydent
NA
CVE-2022-39374
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious homeserver are both joined to the same room, the malicious homeserver can trick Synapse into accepting previously rejected events into its view of the curre...
Matrix Synapse
4.3
CVSSv2
CVE-2020-26891
AuthRestServlet in Matrix Synapse prior to 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote malicious user to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to t...
Matrix Synapse
NA
CVE-2022-39335
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorization events in a room. This is necessary so that a homeserver receiving some events can validate that those...
Matrix Synapse
NA
CVE-2022-31152
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of [event authorization rules](https://spec.matrix.org/v1.2/rooms/v9/#authorization-rules) which must be checked when determining if an event...
Matrix Synapse
NA
CVE-2022-41952
Synapse prior to 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after `max_spider_size` (default: 10M) bytes have been downloaded, which can i...
Matrix Synapse
5
CVSSv2
CVE-2018-12423
In Synapse prior to 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force.
Matrix Synapse
NA
CVE-2023-32682
Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for...
Matrix Synapse
NA
CVE-2023-32683
Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the `url_preview_url_blacklist` setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addres...
Matrix Synapse
NA
CVE-2023-32323
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. A malicious user on a Synapse homeserver X with permission to create certain state events can disable outbound federation from X to an arbitrary homeserver Y. Synapse instances with f...
Matrix Synapse