CVE-2022-39374 - OpenCVE

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious homeserver are both joined to the same room, the malicious homeserver can trick Synapse into accepting previously rejected events into its view of the current state of that room. This can be exploited in a way that causes all further messages and state changes sent in that room from the vulnerable homeserver to be rejected. This issue has been patched in version 1.68.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Matrix	Synapse

Configuration 1 [-]

cpe:2.3:a:matrix:synapse:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/matrix-org/synapse/pull/13723	Issue Tracking Patch
https://github.com/matrix-org/synapse/security/advisories/GHSA-p9qp-c452-f9r7	Mitigation Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJIJRP5ZH6B3KGFLHCAKR2IX2Y4Z25QD/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-05-26T13:44:44.113Z

Updated: 2023-05-26T13:44:44.113Z

Reserved: 2022-09-02T14:16:35.887Z

Link: CVE-2022-39374

JSON object: View

NVD Information

Status : Modified

Published: 2023-05-26T14:15:10.257

Modified: 2023-09-18T04:15:09.160

Link: CVE-2022-39374

JSON object: View

Redhat Information

No data.

CWE

CWE-400

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2022-39374", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2022-09-02T14:16:35.887Z", "datePublished": "2023-05-26T13:44:44.113Z", "dateUpdated": "2023-05-26T13:44:44.113Z"}, "containers": {"cna": {"title": "Synapse Denial of service due to incorrect application of event authorization rules during state resolution", "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "lang": "en", "description": "CWE-400: Uncontrolled Resource Consumption", "type": "CWE"}]}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}}], "references": [{"name": "https://github.com/matrix-org/synapse/security/advisories/GHSA-p9qp-c452-f9r7", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-p9qp-c452-f9r7"}, {"name": "https://github.com/matrix-org/synapse/pull/13723", "tags": ["x_refsource_MISC"], "url": "https://github.com/matrix-org/synapse/pull/13723"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJIJRP5ZH6B3KGFLHCAKR2IX2Y4Z25QD/"}], "affected": [{"vendor": "matrix-org", "product": "synapse", "versions": [{"version": ">= 1.62.0, < 1.68.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-05-26T13:44:44.113Z"}, "descriptions": [{"lang": "en", "value": "Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious homeserver are both joined to the same room, the malicious homeserver can trick Synapse into accepting previously rejected events into its view of the current state of that room. This can be exploited in a way that causes all further messages and state changes sent in that room from the vulnerable homeserver to be rejected. This issue has been patched in version 1.68.0\n\n"}], "source": {"advisory": "GHSA-p9qp-c452-f9r7", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:matrix:synapse:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E4819D4-BB7E-4494-B77D-FC6BD5848FE6", "versionEndExcluding": "1.68.0", "versionStartIncluding": "1.62.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious homeserver are both joined to the same room, the malicious homeserver can trick Synapse into accepting previously rejected events into its view of the current state of that room. This can be exploited in a way that causes all further messages and state changes sent in that room from the vulnerable homeserver to be rejected. This issue has been patched in version 1.68.0\n\n"}, {"lang": "es", "value": "Synapse es un servidor dom\u00e9stico Matrix de c\u00f3digo abierto escrito y mantenido por la Fundaci\u00f3n Matrix.org. Si Synapse y un servidor dom\u00e9stico malicioso est\u00e1n unidos a la misma habitaci\u00f3n, el servidor dom\u00e9stico malicioso puede enga\u00f1ar a Synapse para que acepte eventos previamente rechazados en su vista del estado actual de esa sala. Esto se puede explotar de una manera que haga que todos los mensajes adicionales y los cambios de estado enviados en esa habitaci\u00f3n desde el servidor dom\u00e9stico vulnerable sean rechazados. Este problema se ha corregido en la versi\u00f3n 1.68.0 "}], "id": "CVE-2022-39374", "lastModified": "2023-09-18T04:15:09.160", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-05-26T14:15:10.257", "references": [{"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/matrix-org/synapse/pull/13723"}, {"source": "security-advisories@github.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-p9qp-c452-f9r7"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJIJRP5ZH6B3KGFLHCAKR2IX2Y4Z25QD/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "security-advisories@github.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Secondary"}]}