CVE-2021-21332 - OpenCVE

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the password reset endpoint served via Synapse was vulnerable to cross-site scripting (XSS) attacks. The impact depends on the configuration of the domain that Synapse is deployed on, but may allow access to cookies and other browser data, CSRF vulnerabilities, and access to other resources served on the same domain or parent domains. This is fixed in version 1.27.0.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Matrix	Synapse
Fedoraproject	Fedora

Configuration 1 [-]

cpe:2.3:a:matrix:synapse:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/matrix-org/synapse/commit/e54746bdf7d5c831eabe4dcea76a7626f1de73df	Patch Third Party Advisory
https://github.com/matrix-org/synapse/pull/9200	Patch Third Party Advisory
https://github.com/matrix-org/synapse/releases/tag/v1.27.0	Third Party Advisory
https://github.com/matrix-org/synapse/security/advisories/GHSA-246w-56m2-5899	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2021-03-26T19:55:17

Updated: 2021-08-02T02:06:29

Reserved: 2020-12-22T00:00:00

Link: CVE-2021-21332

JSON object: View

NVD Information

Status : Modified

Published: 2021-03-26T20:15:11.843

Modified: 2023-11-07T03:29:48.877

Link: CVE-2021-21332

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "synapse", "vendor": "matrix-org", "versions": [{"status": "affected", "version": "< 1.27.0"}]}], "descriptions": [{"lang": "en", "value": "Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the password reset endpoint served via Synapse was vulnerable to cross-site scripting (XSS) attacks. The impact depends on the configuration of the domain that Synapse is deployed on, but may allow access to cookies and other browser data, CSRF vulnerabilities, and access to other resources served on the same domain or parent domains. This is fixed in version 1.27.0."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-08-02T02:06:29", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-246w-56m2-5899"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/matrix-org/synapse/releases/tag/v1.27.0"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/matrix-org/synapse/pull/9200"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/matrix-org/synapse/commit/e54746bdf7d5c831eabe4dcea76a7626f1de73df"}, {"name": "FEDORA-2021-a627cfd31e", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY/"}], "source": {"advisory": "GHSA-246w-56m2-5899", "discovery": "UNKNOWN"}, "title": "Cross-site scripting (XSS) vulnerability in the password reset endpoint", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-21332", "STATE": "PUBLIC", "TITLE": "Cross-site scripting (XSS) vulnerability in the password reset endpoint"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "synapse", "version": {"version_data": [{"version_value": "< 1.27.0"}]}}]}, "vendor_name": "matrix-org"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the password reset endpoint served via Synapse was vulnerable to cross-site scripting (XSS) attacks. The impact depends on the configuration of the domain that Synapse is deployed on, but may allow access to cookies and other browser data, CSRF vulnerabilities, and access to other resources served on the same domain or parent domains. This is fixed in version 1.27.0."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://github.com/matrix-org/synapse/security/advisories/GHSA-246w-56m2-5899", "refsource": "CONFIRM", "url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-246w-56m2-5899"}, {"name": "https://github.com/matrix-org/synapse/releases/tag/v1.27.0", "refsource": "MISC", "url": "https://github.com/matrix-org/synapse/releases/tag/v1.27.0"}, {"name": "https://github.com/matrix-org/synapse/pull/9200", "refsource": "MISC", "url": "https://github.com/matrix-org/synapse/pull/9200"}, {"name": "https://github.com/matrix-org/synapse/commit/e54746bdf7d5c831eabe4dcea76a7626f1de73df", "refsource": "MISC", "url": "https://github.com/matrix-org/synapse/commit/e54746bdf7d5c831eabe4dcea76a7626f1de73df"}, {"name": "FEDORA-2021-a627cfd31e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY/"}]}, "source": {"advisory": "GHSA-246w-56m2-5899", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-21332", "datePublished": "2021-03-26T19:55:17", "dateReserved": "2020-12-22T00:00:00", "dateUpdated": "2021-08-02T02:06:29", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:matrix:synapse:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8EA28E9-E52F-44E4-8B22-A35D16744A0C", "versionEndExcluding": "1.27.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the password reset endpoint served via Synapse was vulnerable to cross-site scripting (XSS) attacks. The impact depends on the configuration of the domain that Synapse is deployed on, but may allow access to cookies and other browser data, CSRF vulnerabilities, and access to other resources served on the same domain or parent domains. This is fixed in version 1.27.0."}, {"lang": "es", "value": "Synapse es un servidor dom\u00e9stico de referencia de Matrix escrito en python (paquete pypi matrix-synapse). Matrix es un ecosistema para VoIP y mensajer\u00eda instant\u00e1nea federada abierta. En Synapse versiones anteriores a 1.27.0, el endpoint de restablecimiento de contrase\u00f1a servido por medio de Synapse era vulnerable a ataques de tipo cross-site scripting (XSS). El impacto depende de la configuraci\u00f3n del dominio en el que es implementado Synapse, pero puede permitir el acceso a cookies y otros datos del navegador, vulnerabilidades de tipo CSRF y acceso a otros recursos que se encuentran en el mismo dominio o dominios principales. Esto es corregido en la versi\u00f3n 1.27.0."}], "id": "CVE-2021-21332", "lastModified": "2023-11-07T03:29:48.877", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 4.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2021-03-26T20:15:11.843", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/matrix-org/synapse/commit/e54746bdf7d5c831eabe4dcea76a7626f1de73df"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/matrix-org/synapse/pull/9200"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/matrix-org/synapse/releases/tag/v1.27.0"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-246w-56m2-5899"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Secondary"}]}