ID CVE-2018-12291
Summary The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied correctly.
References
Vulnerable Configurations
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-254
CAPEC
nessus via4
NASL family SuSE Local Security Checks
NASL id OPENSUSE-2018-654.NASL
description This update for matrix-synapse fixes the following security issue : - CVE-2018-12291: visibility rules were not applied correctly in the get_missing_events federation API (boo#1096833)
last seen 2018-09-05
modified 2018-09-04
plugin id 110633
published 2018-06-21
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=110633
title openSUSE Security Update : matrix-synapse (openSUSE-2018-654)
refmap via4
confirm
Last major update 13-06-2018 - 10:29
Published 13-06-2018 - 10:29
Last modified 14-08-2018 - 12:55
Back to Top