CVE-2019-5885
published 2019-03-21
High 7.5 (CVSS 3.0)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | matrix-synapse | < matrix-synapse 0.34.1.1-1 (forky) | matrix-synapse 0.34.1.1-1 (forky) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| matrix | synapse | < 0.34.0.1 | 0.34.0.1 |
CVSS provenance
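| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| osv | — | 7.5 | HIGH | — |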