PT-2018-11098 · Matrix+3 · Matrix Synapse+3

Neilisfragile

Publicado

2018-06-13

Atualizado

2024-06-15

CVE-2018-12291

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Matrix Synapse versions prior to 0.31.1

Description The issue concerns a security bug in the get missing events federation API, specifically in the on get missing events function, where event visibility rules were not applied correctly.

Recommendations For versions prior to 0.31.1, update to version 0.31.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the on get missing events function in handlers/federation.py until a patch is available.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

ALT-PU-2018-1973

CVE-2018-12291

GHSA-V8WM-G9F2-XJV4

OPENSUSE-SU-2018_1767-1

OPENSUSE-SU-2024:11041-1

USN-6076-1

Produtos afetados

Alt Linux

Matrix Synapse

Suse

Ubuntu

PT-2018-11098 · Matrix+3 · Matrix Synapse+3

CVE-2018-12291

Identificadores relacionados

Produtos afetados

Referências · 32