Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-43796

Synapse is an open-source Matrix homeserver Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver. System administrators are encouraged to upgrade to Synapse 1.95.1 or 1.96.0rc1 to receive a patch. As a workaround, the `federation_domain_whitelist` can be used to limit federation traffic with a homeserver.

Published

2023-10-31T17:15:23.270

Last Modified

2025-02-13T17:17:13.480

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-200
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	matrix	synapse	< 1.95.1	Yes
Operating System	fedoraproject	fedora	38	Yes
Operating System	fedoraproject	fedora	39	Yes

References

https://github.com/matrix-org/synapse/commit/daec55e1fe120c564240c5386e77941372bf458f Patch ([email protected])
https://github.com/matrix-org/synapse/security/advisories/GHSA-mp92-3jfm-3575 Vendor Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/[email protected]/message/2IDEEZMFJBDLTFHQUTZRJJNCOZGQ2ZVS/ Mailing List ([email protected])
https://lists.fedoraproject.org/archives/list/[email protected]/message/VH3RNC5ZPQZ4OKPSL4E6BBJSZOQLGDEY/ Mailing List ([email protected])
https://security.gentoo.org/glsa/202401-12 ([email protected])
https://github.com/matrix-org/synapse/commit/daec55e1fe120c564240c5386e77941372bf458f Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/matrix-org/synapse/security/advisories/GHSA-mp92-3jfm-3575 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/2IDEEZMFJBDLTFHQUTZRJJNCOZGQ2ZVS/ Mailing List (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/VH3RNC5ZPQZ4OKPSL4E6BBJSZOQLGDEY/ Mailing List (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202401-12 (af854a3a-2127-422b-91ae-364da2661108)