PT-2018-11162 · Matrix.Org+2 · Synapse+2

Matthew Hodgson · Published 2018-06-14 · Updated 2023-05-16 · CVE-2018-12423

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Synapse versions prior to 0.31.2

Description

The issue allows unauthorized users to hijack rooms when there is no m.room.power_levels event in force. This can lead to unauthorized access and control over rooms.

Recommendations

For versions prior to 0.31.2, update to version 0.31.2 or later to resolve the issue. As a temporary workaround, consider implementing strict access controls to rooms and ensuring that m.room.power_levels events are properly configured to minimize the risk of exploitation.

Fix


Related identifiers

ALT-PU-2018-1973
CVE-2018-12423
GHSA-CH5V-FHG8-7GV9
USN-6076-1

Affected products

Alt Linux
Synapse
Ubuntu