PT-2023-28988 · Synapse+3 · Synapse+3

Erikjohnston

Publicado

2023-10-31

Atualizado

2025-04-22

CVE-2023-43796

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Synapse versions prior to 1.95.1 and 1.96.0rc1

Description Synapse is an open-source Matrix homeserver. Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver.

Recommendations To resolve the issue, upgrade to Synapse 1.95.1 or 1.96.0rc1 to receive a patch. As a temporary workaround, the federation domain whitelist can be used to limit federation traffic with a homeserver.

Exploit

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

ALT-PU-2024-3315

CVE-2023-43796

GHSA-MP92-3JFM-3575

OPENSUSE-SU-2024:13392-1

PYSEC-2023-230

USN-7444-1

Produtos afetados

Alt Linux

Linuxmint

Synapse

Ubuntu

PT-2023-28988 · Synapse+3 · Synapse+3

CVE-2023-43796

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 31