Lucene search

K

Veracode Vulnerability DatabaseVERACODE:43417

HistorySep 28, 2023 - 8:36 a.m.

Plaintext Password Storage

2023-09-2808:36:12

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

10

synapse

vulnerability

plaintext

password

storage

server

database

backups

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

30.1%

Synapse is vulnerable to Plaintext Password Storage. The vulnerability is due to the brief storage of updated credentials in the server database, which could result in passwords being inadvertently captured in database backups for a longer duration then anticipated.

References

github.com/advisories/GHSA-4f74-84v3-j9q5

github.com/matrix-org/synapse/commit/69b74d9330e42fc91a9c7423d00a06cd6d3732bf

github.com/matrix-org/synapse/pull/16272

github.com/matrix-org/synapse/security/advisories/GHSA-4f74-84v3-j9q5

lists.fedoraproject.org/archives/list/[email protected]/message/2AFB2Y3S2VCPCN5P2XCZTG24MBMZ7DM4/

lists.fedoraproject.org/archives/list/[email protected]/message/65QPC55I4D27HIZP7H2NQ34EOXHPP4AO/

lists.fedoraproject.org/archives/list/[email protected]/message/N6P4QULVUE254WI7XF2LWWOGHCYVFXFY/

security.gentoo.org/glsa/202401-12

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

30.1%

Related for VERACODE:43417

cve1 osv4 prion1 cvelist1 nvd1 ubuntucve1 alpinelinux1 github1 debiancve1 openvas3 nessus4 fedora3 gentoo1