Описание
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation (which presumably do not need to use server ACLs) are not affected. Server administrators are advised to upgrade to Synapse 1.94.0 or later. As a workaround, rooms with malicious server ACL events can be purged and blocked using the admin API.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | not-affected | 1.121.0-5 |
| esm-apps/bionic | ignored | patch infeasible |
| esm-apps/focal | ignored | patch infeasible |
| esm-apps/jammy | ignored | patch infeasible |
| esm-apps/noble | not-affected | 1.100.0-1ubuntu1 |
| focal | ignored | end of standard support, was ignored [patch infeasible] |
| jammy | ignored | patch infeasible |
| lunar | ignored | end of life, was needs-triage |
| mantic | ignored | end of life, was needs-triage |
Показывать по
EPSS
4.9 Medium
CVSS3
Связанные уязвимости
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation (which presumably do not need to use server ACLs) are not affected. Server administrators are advised to upgrade to Synapse 1.94.0 or later. As a workaround, rooms with malicious server ACL events can be purged and blocked using the admin API.
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation (which presumably do not need to use server ACLs) are not affected. Server administrators are advised to upgrade to Synapse 1.94.0 or later. As a workaround, rooms with malicious server ACL events can be purged and blocked using the admin API.
Synapse is an open-source Matrix homeserver written and maintained by ...
matrix-synapse vulnerable to denial of service due to malicious server ACL events
Уязвимость механизма управления доступа Access Control List (ACL) домашнего сервера Synapse, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
4.9 Medium
CVSS3