CVE-2018-16515

Опубликовано: 18 сент. 2018

Источник: debian

EPSS Низкий

Описание

Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
matrix-synapse	fixed	0.33.3.1-1		package

Примечания

https://matrix.org/blog/2018/09/05/pre-disclosure-upcoming-critical-security-fix-for-synapse/
https://matrix.org/blog/2018/09/06/critical-security-update-synapse-0-33-3-1/
https://github.com/matrix-org/synapse/issues/3796#event-1833126269

EPSS

Процентиль: 68%

0.00569

Низкий

Связанные уязвимости

CVE-2018-16515

CVSS3: 8.8

ubuntu

больше 7 лет назад

Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.

CVE-2018-16515

CVSS3: 8.8

nvd

больше 7 лет назад

Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.

GHSA-fmvh-rvq5-hhjx

CVSS3: 8.8

github

больше 3 лет назад

Matrix Synapse Improper Signature Validation

EPSS

Процентиль: 68%

0.00569

Низкий