CVE-2024-53867 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2024-53867

CVE-2024-53867

December 03, 2024

Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. This vulnerability is fixed in 1.120.1.

Related Resources (4)

https://github.com/element-hq/synapse

https://github.com/element-hq/synapse/security/advisories/GHSA-56w4-5538-8v8h

https://github.com/matrix-org/matrix-spec-proposals/pull/4186

https://nvd.nist.gov/vuln/detail/CVE-2024-53867

Do you need more information?

CVSS v4

Base Score:

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

NONE

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Weakness Type (CWE)

Exposure of Sensitive System Information to an Unauthorized Control Sphere

CWE-497

EPSS

Base Score:

0.10

Products

Solutions

Resources

Company

Compare

Developer Tools