Filtered by vendor Matrix
Subscribe
Total
58 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-29432 | 1 Matrix | 1 Sydent | 2024-02-04 | 3.5 LOW | 5.7 MEDIUM |
| Sydent is a reference matrix identity server. A malicious user could abuse Sydent to send out arbitrary emails from the Sydent email address. This could be used to construct plausible phishing emails, for example. This issue has been fixed in 4469d1d. | |||||
| CVE-2021-29433 | 1 Matrix | 1 Sydent | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| Sydent is a reference Matrix identity server. In Sydent versions 2.2.0 and prior, sissing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. A patch for the vulnerability is in version 2.3.0. No workarounds are known to exist. | |||||
| CVE-2021-21394 | 2 Fedoraproject, Matrix | 2 Fedora, Synapse | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. Note that the groups feature is not part of the Matrix specification and the chosen maximum lengths are arbitrary. Not all clients might abide by them. Refer to referenced GitHub security advisory for additional details including workarounds. | |||||
| CVE-2021-29431 | 1 Matrix | 1 Sydent | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| Sydent is a reference Matrix identity server. Sydent can be induced to send HTTP GET requests to internal systems, due to lack of parameter validation or IP address blacklisting. It is not possible to exfiltrate data or control request headers, but it might be possible to use the attack to perform an internal port enumeration. This issue has been addressed in in 9e57334, 8936925, 3d531ed, 0f00412. A potential workaround would be to use a firewall to ensure that Sydent cannot reach internal HTTP resources. | |||||
| CVE-2020-26257 | 2 Fedoraproject, Matrix | 2 Fedora, Synapse | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a `/send_join`, `/send_leave`, `/invite` or `/exchange_third_party_invite` request. This can lead to a denial of service in which future events will not be correctly sent to other servers over federation. This affects any server which accepts federation requests from untrusted servers. The Matrix Synapse reference implementation before version 1.23.1 the implementation is vulnerable to this injection attack. Issue is fixed in version 1.23.1. As a workaround homeserver administrators could limit access to the federation API to trusted servers (for example via `federation_domain_whitelist`). | |||||
| CVE-2020-26890 | 2 Fedoraproject, Matrix | 2 Fedora, Synapse | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into the room's state, the impact is long-lasting and is not fixed by an upgrade to a newer version, requiring the event to be manually redacted instead. Since events are replicated to servers of other room members, the impact is not constrained to the server of the event sender. | |||||
| CVE-2020-26891 | 1 Matrix | 1 Synapse | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the /_matrix/client/r0/auth/*/fallback/web or /_matrix/client/unstable/auth/*/fallback/web Synapse endpoints. | |||||
| CVE-2021-21274 | 2 Fedoraproject, Matrix | 2 Fedora, Synapse | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead to a denial of service attack where homeservers will consume significantly more resources when requesting the .well-known file of a malicious homeserver. This affects any server which accepts federation requests from untrusted servers. Issue is resolved in version 1.25.0. As a workaround the `federation_domain_whitelist` setting can be used to restrict the homeservers communicated with over federation. | |||||
| CVE-2021-21273 | 2 Fedoraproject, Matrix | 2 Fedora, Synapse | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key validity for third-party invite events and sending push notifications. This could cause Synapse to make requests to internal infrastructure. The type of request was not controlled by the user, although limited modification of request bodies was possible. For the most thorough protection server administrators should remove the deprecated `federation_ip_range_blacklist` from their settings after upgrading to Synapse v1.25.0 which will result in Synapse using the improved default IP address restrictions. See the new `ip_range_blacklist` and `ip_range_whitelist` settings if more specific control is necessary. | |||||
| CVE-2019-18835 | 1 Matrix | 1 Synapse | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers. | |||||
| CVE-2019-11842 | 1 Matrix | 2 Sydent, Synapse | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID. | |||||
| CVE-2019-11340 | 1 Matrix | 1 Sydent | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registration restrictions that are based on e-mail domain, if the allowed_local_3pids option is enabled. This occurs because of potentially unwanted behavior in Python, in which an email.utils.parseaddr call on user@bad.example.net@good.example.com returns the user@bad.example.net substring. | |||||
| CVE-2019-5885 | 2 Fedoraproject, Matrix | 2 Fedora, Synapse | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users. | |||||
| CVE-2018-16515 | 2 Debian, Matrix | 2 Debian Linux, Synapse | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation. | |||||
| CVE-2018-12291 | 1 Matrix | 1 Synapse | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied correctly. | |||||
| CVE-2018-12423 | 1 Matrix | 1 Synapse | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force. | |||||
| CVE-2018-10657 | 1 Matrix | 1 Synapse | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the wild in April 2018. | |||||
| CVE-2004-2089 | 1 Matrix | 1 Matrix Ftp Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| Matrix FTP Server allows remote attackers to cause a denial of service (crash) by logging in using four spaces as the username and password and then issuing a LIST command. | |||||