CVE-2020-26891 — Cross-site Scripting in Synapse

CWE-79 — Cross-site Scripting6 documents5 sources

Severity

6.1MEDIUMNVD

EPSS

0.6%

top 30.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Matrix Synapse

Timeline

PublishedOct 19

Description

AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the /_matrix/client/r0/auth/*/fallback/web or /_matrix/client/unstable/auth/*/fallback/web Synapse endpoints.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDmatrix/synapse< 1.21.0

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2020-26891: AuthRestServlet in Matrix Synapse before 1↗2020-10-19

▶

CVEList

CVE-2020-26891: AuthRestServlet in Matrix Synapse before 1↗2020-10-19

▶

GHSA

Cross-site scripting (XSS) vulnerability in the fallback authentication endpoint↗2020-10-16

▶

OSV

Cross-site scripting (XSS) vulnerability in the fallback authentication endpoint↗2020-10-16

▶

📋Vendor Advisories

Debian

CVE-2020-26891: matrix-synapse - AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsa...↗2020

▶