AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the /_matrix/client/r0/auth/*/fallback/web or /_matrix/client/unstable/auth/*/fallback/web Synapse endpoints.
References
Link | Resource |
---|---|
https://github.com/matrix-org/synapse/pull/8444 | Issue Tracking Patch Third Party Advisory |
https://github.com/matrix-org/synapse/releases/tag/v1.21.2 | Release Notes Third Party Advisory |
https://github.com/matrix-org/synapse/security/advisories/GHSA-3x8c-fmpc-5rmq | Patch Third Party Advisory |
https://matrix.org/blog/2020/10/15/synapse-1-21-2-released-and-security-advisory | Release Notes Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-10-19T16:47:17
Updated: 2020-10-20T20:05:41
Reserved: 2020-10-08T00:00:00
Link: CVE-2020-26891
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-10-19T17:15:13.220
Modified: 2020-10-26T21:30:56.057
Link: CVE-2020-26891
JSON object: View
Redhat Information
No data.
CWE