CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS
Percentile: 30.3%
Synapse is vulnerable to Improper Authorization. A flaw allowed users to forge read receipts for any event, so an attacker could mark any event as read even without being in the room.
github.com/advisories/GHSA-7565-cq32-vx2x
github.com/matrix-org/synapse/commit/63d28a88c1d18c64ea7e23b6dd7483e6d5dcf881
github.com/matrix-org/synapse/pull/16327
github.com/matrix-org/synapse/security/advisories/GHSA-7565-cq32-vx2x
lists.fedoraproject.org/archives/list/[email protected]/message/2AFB2Y3S2VCPCN5P2XCZTG24MBMZ7DM4/
lists.fedoraproject.org/archives/list/[email protected]/message/65QPC55I4D27HIZP7H2NQ34EOXHPP4AO/
lists.fedoraproject.org/archives/list/[email protected]/message/N6P4QULVUE254WI7XF2LWWOGHCYVFXFY/
security.gentoo.org/glsa/202401-12