Synapse is an open-source Matrix homeserver Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver. System administrators are encouraged to upgrade to Synapse 1.95.1 or 1.96.0rc1 to receive a patch. As a workaround, the `federation_domain_whitelist` can be used to limit federation traffic with a homeserver.
References
Configurations
History
07 Jan 2024, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 Dec 2023, 16:13
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* |
|
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IDEEZMFJBDLTFHQUTZRJJNCOZGQ2ZVS/ - Mailing List | |
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VH3RNC5ZPQZ4OKPSL4E6BBJSZOQLGDEY/ - Mailing List | |
First Time |
Fedoraproject
Fedoraproject fedora |
10 Nov 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo | |
CPE | cpe:2.3:a:matrix:synapse:*:*:*:*:*:*:*:* | |
First Time |
Matrix
Matrix synapse |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
References |
|
|
References | (MISC) https://github.com/matrix-org/synapse/commit/daec55e1fe120c564240c5386e77941372bf458f - Patch | |
References | (MISC) https://github.com/matrix-org/synapse/security/advisories/GHSA-mp92-3jfm-3575 - Vendor Advisory |
31 Oct 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-31 17:15
Updated : 2024-01-07 11:15
NVD link : CVE-2023-43796
Mitre link : CVE-2023-43796
CVE.ORG link : CVE-2023-43796
JSON object : View
Products Affected
fedoraproject
- fedora
matrix
- synapse
CWE