CVE-2021-39164

low
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership (list of members, with their display names) of a room if they know the ID of the room. The vulnerability is limited to rooms with `shared` history visibility. Furthermore, the unauthorised user must be using an account on a vulnerable homeserver that is in the room. Server administrators should upgrade to 1.41.1 or later in order to receive the patch. One workaround is available. Administrators of servers that use a reverse proxy could, with potentially unacceptable loss of functionality, block the endpoints: `/_matrix/client/r0/rooms/{room_id}/members` with `at` query parameter, and `/_matrix/client/unstable/rooms/{room_id}/members` with `at` query parameter.

References

https://github.com/matrix-org/synapse/security/advisories/GHSA-3x4c-pq33-4w3q

https://github.com/matrix-org/synapse/releases/tag/v1.41.1

https://github.com/matrix-org/synapse/commit/cb35df940a

https://lists.fedoraproject.org/archives/list/[email protected]/message/PXT7ID7DNBRN2TVTETU3SYQHJKEG6PXN/

https://lists.fedoraproject.org/archives/list/[email protected]/message/2VHDEPCZ22GJFMZCWA2XZAGPOEV72POF/

Details

Source: MITRE

Published: 2021-08-31

Updated: 2021-09-24

Type: CWE-200

Risk Information

CVSS v2

Base Score: 3.5

Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 6.8

Severity: LOW

CVSS v3

Base Score: 3.1

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Impact Score: 1.4

Exploitability Score: 1.6

Severity: LOW

Tenable Plugins

View all (1 total)

IDNameProductFamilySeverity
153074FreeBSD : py-matrix-synapse -- several vulnerabilities (a67e358c-0bf6-11ec-875e-901b0e9408dc)NessusFreeBSD Local Security Checks
low