CVE-2019-11842
published 2019-05-09CVE-2019-11842: An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers…
high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | matrix-synapse | < matrix-synapse 0.99.2-5 (forky) | matrix-synapse 0.99.2-5 (forky) |
| matrix | sydent | < 1.0.3 | 1.0.3 |
| matrix | synapse | < 0.99.3.1 | 0.99.3.1 |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
osv7.5HIGH