Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
matrix synapse vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2019-18835
Matrix Synapse prior to 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers.
Matrix Synapse
6.5
CVSSv2
CVE-2018-16515
Matrix Synapse prior to 0.33.3.1 allows remote malicious users to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.
Matrix Synapse
Debian Debian Linux 8.0
5.8
CVSSv2
CVE-2021-21273
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when ca...
Matrix Synapse
Fedoraproject Fedora 34
5
CVSSv2
CVE-2021-29471
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will match, including `e...
Matrix Synapse
Fedoraproject Fedora 34
5
CVSSv2
CVE-2020-26890
Matrix Synapse prior to 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote malicious users to execute a denial of service attack against the federation and common Matrix clients. If such a malformed ...
Matrix Synapse
Fedoraproject Fedora 32
Fedoraproject Fedora 33
5
CVSSv2
CVE-2019-11842
An issue exists in Matrix Sydent prior to 1.0.3 and Synapse prior to 0.99.3.1. Random number generation is mishandled, which makes it easier for malicious users to predict a Sydent authentication token or a Synapse random ID.
Matrix Synapse
Matrix Sydent
5
CVSSv2
CVE-2019-5885
Matrix Synapse prior to 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote malicious users to impersonate users.
Matrix Synapse
Fedoraproject Fedora 28
Fedoraproject Fedora 29
5
CVSSv2
CVE-2018-12423
In Synapse prior to 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force.
Matrix Synapse
5
CVSSv2
CVE-2018-12291
The on_get_missing_events function in handlers/federation.py in Matrix Synapse prior to 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied correctly.
Matrix Synapse
5
CVSSv2
CVE-2018-10657
Matrix Synapse prior to 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the wild in April 2018.
Matrix Synapse
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »