Rapid7 Vulnerability & Exploit Database

Gentoo Linux: CVE-2023-43796: Synapse: Multiple Vulnerabilities

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

Gentoo Linux: CVE-2023-43796: Synapse: Multiple Vulnerabilities

Severity

CVSS

(AV:L/AC:M/Au:N/C:P/I:P/A:P)

Published

10/31/2023

Created

01/09/2024

Added

01/08/2024

Modified

01/08/2024

Description

Synapse is an open-source Matrix homeserver Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver. System administrators are encouraged to upgrade to Synapse 1.95.1 or 1.96.0rc1 to receive a patch. As a workaround, the `federation_domain_whitelist` can be used to limit federation traffic with a homeserver.

Solution(s)

gentoo-linux-upgrade-net-im-synapse

References

https://attackerkb.com/topics/cve-2023-43796
CVE - 2023-43796
202401-12

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Gentoo Linux: CVE-2023-43796: Synapse: Multiple Vulnerabilities

Gentoo Linux: CVE-2023-43796: Synapse: Multiple Vulnerabilities

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.