GoogleOSV:GHSA-4F74-84V3-J9Q5matrix-synapse vulnerable to temporary storage of plaintext passwords during password changes
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
EPSS
Percentile
30.1%
Impact
When users update their passwords, the new credentials may be briefly held in the server database. While this doesn’t grant the server any added capabilities—it already learns the users’ passwords as part of the authentication process—it does disrupt the expectation that passwords won’t be stored in the database. As a result, these passwords could inadvertently be captured in database backups for a longer duration.
These temporarily stored passwords are automatically erased after a 48-hour window.
Patches
https://github.com/matrix-org/synapse/pull/16272
References
This bug was due to a regression in https://github.com/matrix-org/synapse/pull/13188.
References
github.com/matrix-org/synapse
github.com/matrix-org/synapse/commit/69b74d9330e42fc91a9c7423d00a06cd6d3732bf
github.com/matrix-org/synapse/pull/13188
github.com/matrix-org/synapse/pull/16272
github.com/matrix-org/synapse/security/advisories/GHSA-4f74-84v3-j9q5
github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-185.yaml
lists.fedoraproject.org/archives/list/[email protected]/message/2AFB2Y3S2VCPCN5P2XCZTG24MBMZ7DM4
lists.fedoraproject.org/archives/list/[email protected]/message/65QPC55I4D27HIZP7H2NQ34EOXHPP4AO
lists.fedoraproject.org/archives/list/[email protected]/message/N6P4QULVUE254WI7XF2LWWOGHCYVFXFY
nvd.nist.gov/vuln/detail/CVE-2023-41335
security.gentoo.org/glsa/202401-12
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
EPSS
Percentile
30.1%