exploitDog
GHSA-3x8c-fmpc-5rmq

Published: Oct 16, 2020
Source: github
GitHub: reviewed
CVSS4: 5.1
CVSS3: 6.1

Description

Cross-site scripting (XSS) vulnerability in the fallback authentication endpoint

Impact

The fallback authentication endpoint served via Synapse was vulnerable to cross-site scripting (XSS) attacks. The impact depends on the configuration of the domain that Synapse is deployed on, but may allow access to cookies and other browser data, CSRF vulnerabilities, and access to other resources served on the same domain or parent domains.

Patches

This is fixed by #8444, which is included in Synapse v1.21.0.

Workarounds

If the homeserver is not configured to use reCAPTCHA, consent (terms of service), or single sign-on, then the affected endpoints can be blocked at a reverse proxy:

  • /_matrix/client/r0/auth/.*/fallback/web
  • /_matrix/client/unstable/auth/.*/fallback/web
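The reverse-proxy workaround above, written out as an added nginx configuration example. This is not from the advisory or the Synapse project; it assumes Synapse is fronted by nginx, that the upstream name `synapse_backend`, the hostname and the certificate paths are placeholders, and that the deployment really uses none of the three authentication flows the advisory names (otherwise those flows break).

```nginx
# Added example (not Synapse's or the advisory's own config):
# deny the fallback authentication pages at the reverse proxy.
upstream synapse_backend {
    server 127.0.0.1:8008;            # assumed Synapse client listener
}

server {
    listen 443 ssl;
    server_name matrix.example.org;   # placeholder hostname
    ssl_certificate     /path/to/fullchain.pem;   # placeholder
    ssl_certificate_key /path/to/privkey.pem;     # placeholder

    # Both paths listed in the advisory: r0 and unstable prefixes.
    # Regular-expression locations are checked after prefix locations
    # and the first match wins, so this overrides "location /_matrix"
    # below for the fallback pages only.
    location ~ ^/_matrix/client/(r0|unstable)/auth/.*/fallback/web {
        return 403;
    }

    # Everything else reaches Synapse as usual.
    location /_matrix {
        proxy_pass http://synapse_backend;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Check the result with `nginx -t` before reloading, then confirm that a request to `/_matrix/client/r0/auth/<stage>/fallback/web` now returns 403 while ordinary client login and sync still succeed. The block is a stop-gap; upgrading to Synapse 1.21.0 or later remains the actual fix.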

Packages

Name            Ecosystem   Affected versions   Fixed version
matrix-synapse  pip         < 1.21.0            1.21.0

EPSS: 0.00616 (percentile 70%, Low)

CVSS4: 5.1 Medium

CVSS3: 6.1 Medium

Weaknesses

CWE-79

Related vulnerabilities

CVSS3: 6.1
ubuntu
more than 5 years ago

AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the /_matrix/client/r0/auth/*/fallback/web or /_matrix/client/unstable/auth/*/fallback/web Synapse endpoints.
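The mechanism this entry names, unsafe interpolation of the `session` query parameter into an HTML page, as an added illustration. The code below is constructed for this page and is not Synapse's own: a stand-in template that echoes `session` into a hidden input, a vulnerable renderer beside one that escapes the value first, and a tag counter that shows whether injected markup survived rendering.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Constructed stand-in for a fallback page that echoes the session id back
# into a hidden form field. Not Synapse code; the markup is illustrative.
TEMPLATE = (
    "<form method='post'>"
    "<input type='hidden' name='session' value='{session}'>"
    "<input type='submit' value='Continue'>"
    "</form>"
)


def session_from_url(url: str) -> str:
    """Pull the session query parameter out of a request URL (percent-decoded)."""
    query = parse_qs(urlsplit(url).query)
    return query.get("session", [""])[0]


def render_unsafe(session: str) -> str:
    """Vulnerable pattern: the raw parameter is interpolated into the markup,
    so a quote followed by '>' closes the attribute and starts new tags."""
    return TEMPLATE.format(session=session)


def render_escaped(session: str) -> str:
    """Hardened pattern: html.escape with quote=True turns <, >, &, ' and "
    into entities, so the value can only ever be attribute text."""
    return TEMPLATE.format(session=html.escape(session, quote=True))


class _TagCounter(HTMLParser):
    """Counts start tags so a test can tell whether extra elements appeared."""

    def __init__(self) -> None:
        super().__init__()
        self.start_tags: list[str] = []

    def handle_starttag(self, tag, attrs) -> None:
        self.start_tags.append(tag)


def count_start_tags(markup: str) -> int:
    """Number of start tags the browser-side parser would see.
    The template alone yields three: form, input, input."""
    parser = _TagCounter()
    parser.feed(markup)
    parser.close()
    return len(parser.start_tags)


if __name__ == "__main__":
    # Constructed sample: a session value carrying a quote and a harmless tag.
    sample = "abc'><b>injected</b>"
    print("unsafe  tags:", count_start_tags(render_unsafe(sample)))   # 4
    print("escaped tags:", count_start_tags(render_escaped(sample)))  # 3
```

The count difference is the whole story: with raw interpolation the parser sees a fourth element that the template never contained, with escaping it sees exactly the three the author wrote. Escaping at the point of interpolation (or using a templating engine that autoescapes) is the CWE-79 mitigation; the reverse-proxy block in the Workarounds section only removes the page from reach until the upgrade is applied.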

CVSS3: 6.1
nvd
more than 5 years ago

AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the /_matrix/client/r0/auth/*/fallback/web or /_matrix/client/unstable/auth/*/fallback/web Synapse endpoints.

CVSS3: 6.1
debian
more than 5 years ago

AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS d ...
