Description
Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers.
References
- Patch, Third Party Advisory
- Release Notes, Third Party Advisory
- Patch, Third Party Advisory
- Release Notes, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 1.5.0 (exclusive)
cpe:2.3:a:matrix:synapse:*:*:*:*:*:*:*:*
EPSS: 0.00163 (Low)
Percentile: 37%
CVSS3: 9.8 Critical
CVSS2: 7.5 High
Weaknesses
CWE-345
Related vulnerabilities
CVSS3: 9.8
ubuntu
about 6 years ago
Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers.
CVSS3: 9.8
debian
about 6 years ago
Matrix Synapse before 1.5.0 mishandles signature checking on some fede ...
CVSS3: 8.6
github
more than 3 years ago
Improper Verification of Cryptographic Signature in matrix-synapse