vulnerability
FreeBSD: VID-d9f686f3-fde0-48dc-ab0a-01c2fe3e0529: py-matrix-synapse -- multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:C/A:N) | Jul 3, 2020 | Jul 4, 2020 | Dec 10, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published
Jul 3, 2020
Added
Jul 4, 2020
Modified
Dec 10, 2025
Description
Matrix developers report: Due to the two security issues highlighted below, server administrators are encouraged to update Synapse. We are not aware of these vulnerabilities being exploited in the wild. A malicious homeserver could force Synapse to reset the state in a room to a small subset of the correct state. This affects all Synapse deployments which federate with untrusted servers. HTML pages served via Synapse were vulnerable to clickjacking attacks. This predominantly affects homeservers with single-sign-on enabled, but all server administrators are encouraged to upgrade.
Solutions
freebsd-upgrade-package-py36-matrix-synapsefreebsd-upgrade-package-py37-matrix-synapsefreebsd-upgrade-package-py38-matrix-synapse
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.