CyberSec.Space Logo
Back to CVE Browser

CVE-2018-16515

HIGH
8.8
CVSS Severity Score
EPSS Score0.0280%
EPSS Percentile10.16th
PublishedSep 18, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.

Affected Platforms (CPE)

πŸ“¦
Matrix

Synapse

< 0.33.3.1
πŸ’»
Debian

Debian Linux

= 8.0

References & Advisories

πŸ”— https://github.com/matrix-org/synapse/issues/3796#event-1833126269
πŸ”— https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRW7YR2H3ASUSYX4AO4KMY3FNVDNYW3P/
πŸ”— https://matrix.org/blog/2018/09/06/critical-security-update-synapse-0-33-3-1/
πŸ”— https://github.com/matrix-org/synapse/issues/3796#event-1833126269
πŸ”— https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRW7YR2H3ASUSYX4AO4KMY3FNVDNYW3P/
πŸ”— https://matrix.org/blog/2018/09/06/critical-security-update-synapse-0-33-3-1/

Related Vulnerabilities

CVE-2019-188359.8

Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /...

CVE-2017-157089.8

In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or al...

CVE-2017-97699.8

A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess a...

CVE-2017-116528.4

Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain pri...