CVE-2019-11842 – matrix-synapse
Package
Manager: pip
Name: matrix-synapse
Vulnerable Version: >=0 <0.99.3.1
Severity
Level: High
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00535 (percentile: 0.66474)
Details
matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG

An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID.
Metadata
Created: 2022-05-24T16:45:24Z
Modified: 2024-09-30T20:32:28Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-gwf7-vfjf-wf6x/GHSA-gwf7-vfjf-wf6x.json
CWE IDs: ["CWE-338"]
Alternative ID: GHSA-gwf7-vfjf-wf6x
Finding: F034
Auto approve: 1