Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamic_thumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially invoking external tools like Ghostscript for processing. This significantly expands the attack surface in a historically vulnerable area, presenting a risk that far outweighs the benefit, particularly since these formats are rarely used on the open web or within the Matrix ecosystem. Synapse 1.120.1 addresses the issue by restricting thumbnail generation to images in the following widely used formats: PNG, JPEG, GIF, and WebP. This vulnerability is fixed in 1.120.1.

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7444-1 advisory.

    It was discovered that Synapse network policies could be bypassed via specially crafted URLs. An attacker     could possibly use this issue to bypass authentication mechanisms. (CVE-2023-32683)

    It was discovered that Synapse exposed cached device information. An attacker could possibly use this     issue to gain access to sensitive information. (CVE-2023-43796)

    It was discovered that Synapse could be tricked into rejecting state changes in rooms. An attacker could     possibly use this issue to cause Synapse to stop functioning properly, resulting in a denial of service.
    This issue was only fixed in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-39374)

    It was discovered that Synapse stored user credentials in a server's database temporarily. An attacker     could possibly use this issue to gain access to sensitive information. This issue was only fixed in Ubuntu     22.04 LTS. (CVE-2023-41335)

    It was discovered that Synapse could incorrectly respond to server authorization events. An attacker could     possibly use this issue to bypass authentication mechanisms. This issue was only fixed in Ubuntu 22.04     LTS. (CVE-2022-39335)

    It was discovered that Synapse could be manipulated to mark messages as read when they had not been     viewed. An attacker could possibly use this issue to perform repudiation-based attacks. This issue was     only fixed in Ubuntu 22.04 LTS. (CVE-2023-42453)

    It was discovered that Synapse had several memory-related issues. An attacker could possibly use this     issue to cause Synapse to crash, resulting in a denial of service. This issue was only fixed in Ubuntu     22.04 LTS. (CVE-2024-31208)

    It was discovered that Synapse could run external tools due to a unchecked thumbnail rendering routine. An     attacker could possibly use this issue to cause Synapse to crash, resulting in a denial of service, or     execute arbitrary code. This issue was only fixed in Ubuntu 22.04 LTS. (CVE-2024-53863)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 71f3e9f0-bafc-11ef-885d-901b0e934d69 advisory.

    element-hq/synapse developers report:
    [The 1.120.1] release fixes multiple security                     vulnerabilities, some affecting all prior versions of                     Synapse. Server administrators are encouraged to                     update Synapse as soon as possible. We are not aware                     of these vulnerabilities being exploited in the                     wild.
    Administrators who are unable to update Synapse may                     use the workarounds described in the linked GitHub                     Security Advisory below.

Tenable has extracted the preceding description block directly from the FreeBSD security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-4cadba7a29 advisory.

    CVE-2024-52805, CVE-2024-52815, CVE-2024-53863, CVE-2024-53867

    ----

    Backport fixes from v1.120.1

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-995720f767 advisory.

    CVE-2024-52805, CVE-2024-52815, CVE-2024-53863

    ----

    Backport fixes from v1.120.1

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
234734	Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Synapse vulnerabilities (USN-7444-1)	Nessus	Ubuntu Local Security Checks	high
213068	FreeBSD : py-matrix-synapse -- multiple vulnerabilities in versions prior to 1.120.1 (71f3e9f0-bafc-11ef-885d-901b0e934d69)	Nessus	FreeBSD Local Security Checks	high
212753	Fedora 41 : matrix-synapse (2024-4cadba7a29)	Nessus	Fedora Local Security Checks	high
212749	Fedora 40 : matrix-synapse (2024-995720f767)	Nessus	Fedora Local Security Checks	high

Detections

Analytics

CVE-2024-53863

high

Tenable Plugins

high

high

high

high