Multiple vulnerabilities in Matrix Synapse
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2023-41335 CVE-2023-42453 |
| CWE-ID | CWE-312 CWE-284 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Synapse Server applications / Conferencing, Collaboration and VoIP solutions |
| Vendor | Matrix.org |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Cleartext storage of sensitive information
EUVDB-ID: #VU81454
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-41335
CWE-ID:
CWE-312 - Cleartext Storage of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a user to gain access to sensitive information.
The vulnerability exists due to the way the application handles password change. When users update their passwords, the new credentials may be briefly held in the server database in clear text. A user with access to the database can obtain the password in clear text.
Install updates from vendor's website.
Vulnerable software versionsSynapse: 1.66.0 - 1.92.3
CPE2.3- cpe:2.3:a:matrix_org:synapse:1.66.0:*:*:*:*:*:*:*
- cpe:2.3:a:matrix_org:synapse:1.67.0:*:*:*:*:*:*:*
- cpe:2.3:a:matrix_org:synapse:1.68.0:*:*:*:*:*:*:*
https://github.com/matrix-org/synapse/pull/16272
https://github.com/matrix-org/synapse/security/advisories/GHSA-4f74-84v3-j9q5
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper access control
EUVDB-ID: #VU81455
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-42453
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote user can forge read receipts for any event and mark the events as read for other application users.
Install updates from vendor's website.
Vulnerable software versionsSynapse: 0.34.0 - 1.92.3
CPE2.3- cpe:2.3:a:matrix_org:synapse:0.34.0:*:*:*:*:*:*:*
- cpe:2.3:a:matrix_org:synapse:0.34.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:matrix_org:synapse:0.34.1:*:*:*:*:*:*:*
https://github.com/matrix-org/synapse/security/advisories/GHSA-7565-cq32-vx2x
https://github.com/matrix-org/synapse/pull/16327
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
