CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2019-18835

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0110%
EPSS Percentile7.22th
Published2019年11月8日
Last Modified2024年11月21日

Vulnerability Description

Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers.

Affected Platforms (CPE)

📦
Matrix

Synapse

< 1.5.0

References & Advisories

🔗 https://github.com/matrix-org/synapse/pull/6262
🔗 https://github.com/matrix-org/synapse/releases/tag/v1.5.0
🔗 https://github.com/matrix-org/synapse/pull/6262
🔗 https://github.com/matrix-org/synapse/releases/tag/v1.5.0

相關漏洞威脅

CVE-2017-97699.8

A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess a...

CVE-2017-157089.8

In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or al...

CVE-2018-165158.8

Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging i...

CVE-2017-116528.4

Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain pri...