Matrix Synapse vulnerabilities

CVE-2021-39164 [LOW] CWE-200 CVE-2021-39164: Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 an Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership (list of members, with their display names) of a room if they know the ID of the room. The vulnerability is limited to rooms with `shared` history visibility. Furthermore, the unauthorised user must b

CVE-2021-39163 [LOW] CWE-200 CVE-2021-39163: Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 an Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the name, avatar, topic and number of members of a room if they know the ID of the room. This vulnerability is limited to homeservers where the vulnerable homeserver is in the room and untrusted users are permitted

CVE-2021-29471 [MEDIUM] CWE-400 CVE-2021-29471: Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will match, including `event_match`, which matches event content against a pattern including wildcards. Ce

CVE-2021-21394 [MEDIUM] CWE-20 CVE-2021-21394: Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memo

CVE-2021-21392 [MEDIUM] CWE-601 CVE-2021-21392: Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6 addresses were used. Outbound requests to federation, ide

CVE-2021-21393 [MEDIUM] CWE-20 CVE-2021-21393: Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memo

CVE-2021-21332 [HIGH] CWE-79 CVE-2021-21332: Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the password reset endpoint served via Synapse was vulnerable to cross-site scripting (XSS) attacks. The impact depends on the configuration of the domain that S

CVE-2021-21333 [MEDIUM] CWE-74 CVE-2021-21333: Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the notification emails sent for notifications for missed messages or for an expiring account are subject to HTML injection. In the case of the notification fo

CVE-2021-21274 [MEDIUM] CWE-400 CVE-2021-21274: Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead to a denial of service attack where homeservers will c

CVE-2021-21273 [MEDIUM] CWE-601 CVE-2021-21273: Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key validity for third-party invite events and sending pus

CVE-2020-26257 [MEDIUM] CWE-79 CVE-2020-26257: Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homese Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a `/send_join`, `/send_leave`, `/invite` or `/exchange_third_party_invite` request. Th

CVE-2020-26890 [HIGH] CWE-20 CVE-2020-26890: Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON valu Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into the room's state, the impact is long-lasting and is not fix

CVE-2020-26891 [MEDIUM] CWE-79 CVE-2020-26891: AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the /_matrix/client/r0/auth/*/fallback/web or /_matrix/client/unstable/auth/*/fall

CVE-2019-18835 [CRITICAL] CWE-345 CVE-2019-18835: Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers.

CVE-2019-11842 [HIGH] CWE-338 CVE-2019-11842: An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number gen An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID.

CVE-2019-5885 [HIGH] CWE-330 CVE-2019-5885: Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, us Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users.

CVE-2018-16515 [HIGH] CWE-347 CVE-2018-16515: Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.

CVE-2018-12423 [HIGH] CVE-2018-12423: In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels e In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force.

CVE-2018-12291 [HIGH] CVE-2018-12291: The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a s The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied correctly.

CVE-2018-10657 [HIGH] CWE-20 CVE-2018-10657: Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected wi Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the wild in April 2018.