Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-42453

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event (if they knew the room ID and event ID). Note that the users were not able to view the events, but simply mark it as read. This could be confusing as clients will show the event as read by the user, even if they are not in the room. This issue has been patched in version 1.93.0. Users are advised to upgrade. There are no known workarounds for this issue.

Published

2023-09-27T15:19:32.453

Last Modified

2024-11-21T08:22:33.887

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.1 (LOW)

Weaknesses

Type: Secondary
CWE-285
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	matrix	synapse	< 1.93.0	Yes
Operating System	fedoraproject	fedora	37	Yes
Operating System	fedoraproject	fedora	38	Yes

References

https://github.com/matrix-org/synapse/pull/16327 Issue Tracking, Patch ([email protected])
https://github.com/matrix-org/synapse/security/advisories/GHSA-7565-cq32-vx2x Vendor Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/[email protected]/message/2AFB2Y3S2VCPCN5P2XCZTG24MBMZ7DM4/ Mailing List, Release Notes ([email protected])
https://lists.fedoraproject.org/archives/list/[email protected]/message/65QPC55I4D27HIZP7H2NQ34EOXHPP4AO/ Mailing List, Release Notes ([email protected])
https://lists.fedoraproject.org/archives/list/[email protected]/message/N6P4QULVUE254WI7XF2LWWOGHCYVFXFY/ ([email protected])
https://security.gentoo.org/glsa/202401-12 ([email protected])
https://github.com/matrix-org/synapse/pull/16327 Issue Tracking, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/matrix-org/synapse/security/advisories/GHSA-7565-cq32-vx2x Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/2AFB2Y3S2VCPCN5P2XCZTG24MBMZ7DM4/ Mailing List, Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/65QPC55I4D27HIZP7H2NQ34EOXHPP4AO/ Mailing List, Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/N6P4QULVUE254WI7XF2LWWOGHCYVFXFY/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202401-12 (af854a3a-2127-422b-91ae-364da2661108)