GHSA-mp92-3jfm-3575

Source

https://github.com/advisories/GHSA-mp92-3jfm-3575

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-mp92-3jfm-3575/GHSA-mp92-3jfm-3575.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-mp92-3jfm-3575

Aliases

Published

2023-10-31T20:29:49Z

Modified

2025-02-13T19:37:37.483692Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Synapse vulnerable to leak of remote user device information

Details

Impact

Cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver.

Patches

System administrators are encouraged to upgrade to Synapse 1.95.1 as soon as possible.

Workarounds

The federation_domain_whitelist can be used to limit federation traffic with a homeserver.

Database specific

{
    "nvd_published_at": "2023-10-31T17:15:23Z",
    "github_reviewed_at": "2023-10-31T20:29:49Z",
    "cwe_ids": [
        "CWE-200"
    ],
    "severity": "MODERATE",
    "github_reviewed": true
}

References

Affected packages

PyPI / matrix-synapse

Package

Name: matrix-synapse; View open source insights on deps.dev
Purl: pkg:pypi/matrix-synapse

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.95.1

Affected versions

0.*

0.33.5

0.33.5.1

0.33.6rc1

0.33.6

0.33.7rc1

0.33.7rc2

0.33.7

0.33.8rc2

0.33.8

0.33.9

0.34.0rc1

0.34.0rc2

0.34.0

0.34.0.1

0.34.1.1

0.99.0rc1

0.99.0rc2

0.99.0rc3

0.99.0rc4

0.99.0

0.99.1rc1

0.99.1rc2

0.99.1

0.99.1.1

0.99.2rc1

0.99.2

0.99.3rc1

0.99.3

0.99.3.1

0.99.3.2

0.99.4rc1

0.99.4

0.99.5rc1

0.99.5

0.99.5.1

0.99.5.2

1.*

1.0.0rc1

1.0.0rc2

1.0.0rc3

1.0.0

1.1.0rc1

1.1.0rc2

1.1.0

1.2.0rc1

1.2.0rc2

1.2.0

1.2.1

1.3.0rc1

1.3.0

1.3.1

1.4.0rc1

1.4.0rc2

1.4.0

1.4.1rc1

1.4.1

1.5.0rc1

1.5.0rc2

1.5.0

1.5.1

1.6.0rc1

1.6.0rc2

1.6.0

1.6.1

1.7.0rc1

1.7.0rc2

1.7.0

1.7.1

1.7.2

1.7.3

1.8.0rc1

1.8.0

1.9.0.dev1

1.9.0.dev2

1.9.0rc1

1.9.0

1.9.1

1.10.0rc1

1.10.0rc2

1.10.0rc3

1.10.0rc5

1.10.0

1.10.1

1.11.0rc1

1.11.0

1.11.1

1.12.0rc1

1.12.0

1.12.1rc1

1.12.1

1.12.2

1.12.3

1.12.4rc1

1.12.4

1.13.0rc1

1.13.0rc2

1.13.0rc3

1.13.0

1.14.0rc1

1.14.0rc2

1.14.0

1.15.0rc1

1.15.0

1.15.1

1.15.2

1.16.0rc1

1.16.0rc2

1.16.0

1.16.1

1.17.0rc1

1.17.0

1.18.0rc1

1.18.0rc2

1.18.0

1.19.0rc1

1.19.0

1.19.1rc1

1.19.1

1.19.2

1.19.3

1.20.0rc1

1.20.0rc2

1.20.0rc3

1.20.0rc4

1.20.0rc5

1.20.0

1.20.1

1.21.0rc1

1.21.0rc2

1.21.0rc3

1.21.0

1.21.1

1.21.2

1.22.0rc1

1.22.0rc2

1.22.0

1.22.1

1.23.0rc1

1.23.0

1.23.1

1.24.0rc1

1.24.0rc2

1.24.0

1.25.0rc1

1.25.0

1.26.0rc1

1.26.0rc2

1.26.0

1.27.0rc1

1.27.0rc2

1.27.0

1.28.0rc1

1.28.0

1.29.0rc1

1.29.0

1.30.0rc1

1.30.0

1.30.1

1.31.0rc1

1.31.0

1.32.0rc1

1.32.0

1.32.1

1.32.2

1.33.0rc1

1.33.0rc2

1.33.0

1.33.1

1.33.2

1.34.0rc1

1.34.0

1.35.0rc1

1.35.0rc2

1.35.0rc3

1.35.0

1.35.1

1.36.0rc1

1.36.0rc2

1.36.0

1.37.0rc1

1.37.0

1.37.1rc1

1.37.1

1.38.0rc1

1.38.0rc2

1.38.0rc3

1.38.0

1.38.1

1.39.0rc1

1.39.0rc2

1.39.0rc3

1.39.0

1.40.0rc1

1.40.0rc2

1.40.0rc3

1.40.0

1.41.0rc1

1.41.0

1.41.1

1.42.0rc1

1.42.0rc2

1.42.0

1.43.0rc1

1.43.0rc2

1.43.0

1.44.0rc1

1.44.0rc2

1.44.0rc3

1.44.0

1.45.0rc1

1.45.0rc2

1.45.0

1.45.1

1.46.0rc1

1.46.0

1.47.0rc1

1.47.0rc2

1.47.0rc3

1.47.0

1.47.1

1.48.0rc1

1.48.0

1.49.0rc1

1.49.0

1.49.2

1.50.0rc1

1.50.0rc2

1.50.0

1.50.1

1.50.2

1.51.0rc1

1.51.0rc2

1.51.0

1.52.0rc1

1.52.0

1.53.0rc1

1.53.0

1.54.0rc1

1.54.0

1.55.0rc1

1.55.0

1.55.1

1.55.2

1.56.0rc1

1.56.0

1.57.0rc1

1.57.0

1.57.1

1.58.0rc2

1.58.0

1.58.1

1.59.0rc1

1.59.0rc2

1.59.0

1.59.1

1.60.0rc1

1.60.0rc2

1.60.0

1.61.0rc1

1.61.0

1.61.1

1.62.0rc1

1.62.0rc2

1.62.0rc3

1.62.0

1.63.0rc1

1.63.0

1.63.1

1.64.0rc1

1.64.0rc2

1.64.0

1.65.0rc1

1.65.0rc2

1.65.0

1.66.0rc1

1.66.0rc2

1.66.0

1.67.0rc1

1.67.0

1.68.0rc1

1.68.0rc2

1.68.0

1.69.0rc1

1.69.0rc2

1.69.0rc4

1.69.0

1.70.0rc1

1.70.0rc2

1.70.0

1.70.1

1.71.0rc1

1.71.0rc2

1.71.0

1.72.0rc1

1.72.0

1.73.0rc2

1.73.0

1.74.0rc1

1.74.0

1.75.0rc1

1.75.0rc2

1.75.0

1.76.0rc1

1.76.0rc2

1.76.0

1.77.0rc1

1.77.0rc2

1.77.0

1.78.0rc1

1.78.0

1.79.0rc1

1.79.0rc2

1.79.0

1.80.0rc1

1.80.0rc2

1.80.0

1.81.0rc1

1.81.0rc2

1.81.0

1.82.0rc1

1.82.0

1.83.0rc1

1.83.0

1.84.0rc1

1.84.0

1.84.1

1.85.0rc1

1.85.0rc2

1.85.0

1.85.1

1.85.2

1.86.0rc2

1.86.0

1.87.0rc1

1.87.0

1.88.0rc1

1.88.0

1.89.0rc1

1.89.0

1.90.0rc1

1.90.0

1.91.0rc1

1.91.0

1.91.1

1.91.2

1.92.0rc1

1.92.1

1.92.2

1.92.3

1.93.0rc1

1.93.0

1.94.0rc1

1.94.0

1.95.0rc1

1.95.0