CVE-2022-39374 Vulnerability Details

CVE-2022-39374 Metadata Quick Info

CVE Published: 26/05/2023 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: GitHub_M | Vendor: matrix-org | Product: synapse
Status: PUBLISHED

CVE-2022-39374 Description

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious homeserver are both joined to the same room, the malicious homeserver can trick Synapse into accepting previously rejected events into its view of the current state of that room. This can be exploited in a way that causes all further messages and state changes sent in that room from the vulnerable homeserver to be rejected. This issue has been patched in version 1.68.0.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-400
CWE Name: CWE-400: Uncontrolled Resource Consumption
Source: matrix-org

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).