CVE-2018-16515 – matrix-synapse
Package
Manager: pip
Name: matrix-synapse
Vulnerable Version: >=0.33.3 <0.33.3.1 || >=0 <0.33.2.1
Severity
Level: High
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00569 (percentile: 0.67595)
Details
Matrix Synapse Improper Signature Validation
Matrix Synapse before 0.33.3.1 and 0.33.2.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.
Metadata
Created: 2022-05-13T01:50:21Z
Modified: 2023-10-06T17:19:32Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fmvh-rvq5-hhjx/GHSA-fmvh-rvq5-hhjx.json
CWE IDs: ["CWE-347"]
Alternative ID: GHSA-fmvh-rvq5-hhjx
Finding: F204
Auto approve: 1