CVE-2020-26891 – matrix-synapse

Package

Manager: pip
Name: matrix-synapse
Vulnerable Version: >=0 <1.21.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

EPSS: 0.00616 pctl0.6898

Details

Cross-site scripting (XSS) vulnerability in the fallback authentication endpoint ### Impact The fallback authentication endpoint served via Synapse was vulnerable to cross-site scripting (XSS) attacks. The impact depends on the configuration of the domain that Synapse is deployed on, but may allow access to cookies and other browser data, CSRF vulnerabilities, and access to other resources served on the same domain or parent domains. ### Patches This is fixed by #8444, which is included in Synapse v1.21.0. ### Workarounds If the homeserver is not configured to use reCAPTCHA, consent (terms of service), or single sign-on then the affected endpoint can be blocked at a reverse proxy: * `/_matrix/client/r0/auth/.*/fallback/web` * `/_matrix/client/unstable/auth/.*/fallback/web`

Metadata

Created: 2020-10-16T16:56:04Z
Modified: 2024-09-24T17:41:06Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/10/GHSA-3x8c-fmpc-5rmq/GHSA-3x8c-fmpc-5rmq.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-3x8c-fmpc-5rmq
Finding: F008
Auto approve: 1