Описание
Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | not-affected | |
| esm-apps/bionic | released | 0.24.0+dfsg-1ubuntu0.1~esm1 |
| esm-apps/focal | not-affected | 1.11.0-1 |
| esm-apps/jammy | not-affected | |
| esm-infra-legacy/trusty | DNE | |
| focal | not-affected | 1.11.0-1 |
| groovy | not-affected | |
| hirsute | not-affected | |
| impish | not-affected |
Показывать по
10
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
CVSS3: 9.8
nvd
около 6 лет назад
Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers.
CVSS3: 9.8
debian
около 6 лет назад
Matrix Synapse before 1.5.0 mishandles signature checking on some fede ...
CVSS3: 8.6
github
больше 3 лет назад
Improper Verification of Cryptographic Signature in matrix-synapse
7.5 High
CVSS2
9.8 Critical
CVSS3