Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv3

CVE-2023-42453

Published: 27/09/2023 Updated: 07/01/2024
CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Synapse

Vulnerability Summary

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event (if they knew the room ID and event ID). Note that the users were not able to view the events, but simply mark it as read. This could be confusing as clients will show the event as read by the user, even if they are not in the room. This issue has been patched in version 1.93.0. Users are advised to upgrade. There are no known workarounds for this issue.

Vulnerable Product Search on Vulmon Subscribe to Product

matrix synapse

fedoraproject fedora 37

fedoraproject fedora 38

Vendor Advisories

Debian CVElist Bug Report Logs: matrix-synapse: CVE-2023-42453 CVE-2023-41335
Debian Bug report logs - #1053283 matrix-synapse: CVE-2023-42453 CVE-2023-41335 Package: src:matrix-synapse; Maintainer for src:matrix-synapse is Matrix Packaging Team <pkg-matrix-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 30 Sep 2023 18:54:02 UTC Severity: ...

References

CWE-285https://github.com/matrix-org/synapse/security/advisories/GHSA-7565-cq32-vx2xhttps://github.com/matrix-org/synapse/pull/16327https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65QPC55I4D27HIZP7H2NQ34EOXHPP4AO/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AFB2Y3S2VCPCN5P2XCZTG24MBMZ7DM4/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6P4QULVUE254WI7XF2LWWOGHCYVFXFY/https://security.gentoo.org/glsa/202401-12https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053283https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook