CVE-2018-16515
HIGH 8.8 | EPSS 0.44% | Matrix Synapse Improper Signature Validation
Published: 2022/5/13 | Modified: 2026/5/20
Description
Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.
Affected packages (2)
- Debian/matrix-synapse: from 0, < 0.33.3.1-1
- PyPI/matrix-synapse: >= 0.33.3, < 0.33.3.1
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.8 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References (10)
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2018-16515
- ADVISORY https://security-tracker.debian.org/tracker/CVE-2018-16515
- PATCH https://github.com/matrix-org/synapse
- WEB https://github.com/matrix-org/synapse/commit/5bf8bc79ebc22c61968f2eb487714813fccbdb9b
- WEB https://github.com/matrix-org/synapse/commit/804dd41e18c449e711e443398b95c9f6c68b6fa2
- WEB https://github.com/matrix-org/synapse/commit/a5a0bf5cf71caed3c4e3677d2bce667c147dadfc
- WEB https://github.com/matrix-org/synapse/commit/c127c8d0421f0228a46ebbe280c9537e8d8ea42b
- WEB https://github.com/matrix-org/synapse/issues/3796#event-1833126269
- WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/IRW7YR2H3ASUSYX4AO4KMY3FNVDNYW3P
- WEB https://matrix.org/blog/2018/09/06/critical-security-update-synapse-0-33-3-1