PT-2018-11162 · Matrix.Org+2 · Synapse+2

Matthew Hodgson · Published 2018-06-14 · Updated 2023-05-16 · CVE-2018-12423

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Synapse versions prior to 0.31.2

Description

The issue allows unauthorized users to hijack rooms when there is no m.room.power_levels event in force. This can lead to unauthorized access and control over rooms.

Recommendations

For versions prior to 0.31.2, update to version 0.31.2 or later to resolve the issue. As a temporary workaround, consider implementing strict access controls to rooms and ensuring that m.room.power_levels events are properly configured to minimize the risk of exploitation.

Fix

Related Identifiers

ALT-PU-2018-1973
CVE-2018-12423
GHSA-CH5V-FHG8-7GV9
USN-6076-1

Affected Products

Alt Linux
Synapse
Ubuntu