ID CVE-2019-18835
Summary Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers.
References
Vulnerable Configurations
CVSS
Base: 5.0
Impact:
Exploitability:
Access
VectorComplexityAuthentication
Impact
ConfidentialityIntegrityAvailability
assigner via4 cve@mitre.org
vulnerable_product via4
    Last major update 08-11-2019 - 00:15
    Published 08-11-2019 - 00:15
    Last modified 08-11-2019 - 01:29
    Back to Top