Matrix.Org · Synapse · CVE-2018-12423
**Name of the Vulnerable Software and Affected Versions**
Synapse versions prior to 0.31.2
**Description**
The issue allows unauthorized users to hijack rooms when there is no `m.room.power levels` event in force. This can lead to unauthorized access and control over rooms.
**Recommendations**
For versions prior to 0.31.2, update to version 0.31.2 or later to resolve the issue. As a temporary workaround, consider implementing strict access controls to rooms and ensuring that `m.room.power levels` events are properly configured to minimize the risk of exploitation.