CVE-2018-16515
published 2018-09-18CVE-2018-16515: Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event…
high8.8CVSS 3.0
AVNACLPRLUINSUCHIHAH
Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | matrix-synapse | < matrix-synapse 0.33.3.1-1 (forky) | matrix-synapse 0.33.3.1-1 (forky) |
| matrix | synapse | < 0.33.3.1 | 0.33.3.1 |
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv8.8HIGH