CVE-2022-39374 - OpenCVE

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious homeserver are both joined to the same room, the malicious homeserver can trick Synapse into accepting previously rejected events into its view of the current state of that room. This can be exploited in a way that causes all further messages and state changes sent in that room from the vulnerable homeserver to be rejected. This issue has been patched in version 1.68.0

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Matrix	Synapse

Configuration 1 [-]

cpe:2.3:a:matrix:synapse:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/matrix-org/synapse/pull/13723
https://github.com/matrix-org/synapse/security/advisories/GHSA-p9qp-c452-f9r7
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJIJRP5ZH6B3KGFLHCAKR2IX2Y4Z25QD/

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-05-26T13:44:44.113Z

Updated: 2024-08-03T12:00:44.179Z

Reserved: 2022-09-02T14:16:35.887Z

Link: CVE-2022-39374

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-05-26T14:15:10.257

Modified: 2023-09-18T04:15:09.160

Link: CVE-2022-39374

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-39374", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2022-09-02T14:16:35.887Z", "datePublished": "2023-05-26T13:44:44.113Z", "dateUpdated": "2024-08-03T12:00:44.179Z"}, "containers": {"cna": {"title": "Synapse Denial of service due to incorrect application of event authorization rules during state resolution", "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "lang": "en", "description": "CWE-400: Uncontrolled Resource Consumption", "type": "CWE"}]}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}}], "references": [{"name": "https://github.com/matrix-org/synapse/security/advisories/GHSA-p9qp-c452-f9r7", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-p9qp-c452-f9r7"}, {"name": "https://github.com/matrix-org/synapse/pull/13723", "tags": ["x_refsource_MISC"], "url": "https://github.com/matrix-org/synapse/pull/13723"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJIJRP5ZH6B3KGFLHCAKR2IX2Y4Z25QD/"}], "affected": [{"vendor": "matrix-org", "product": "synapse", "versions": [{"version": ">= 1.62.0, < 1.68.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-05-26T13:44:44.113Z"}, "descriptions": [{"lang": "en", "value": "Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious homeserver are both joined to the same room, the malicious homeserver can trick Synapse into accepting previously rejected events into its view of the current state of that room. This can be exploited in a way that causes all further messages and state changes sent in that room from the vulnerable homeserver to be rejected. This issue has been patched in version 1.68.0\n\n"}], "source": {"advisory": "GHSA-p9qp-c452-f9r7", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:00:44.179Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/matrix-org/synapse/security/advisories/GHSA-p9qp-c452-f9r7", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-p9qp-c452-f9r7"}, {"name": "https://github.com/matrix-org/synapse/pull/13723", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/matrix-org/synapse/pull/13723"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJIJRP5ZH6B3KGFLHCAKR2IX2Y4Z25QD/", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:matrix:synapse:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E4819D4-BB7E-4494-B77D-FC6BD5848FE6", "versionEndExcluding": "1.68.0", "versionStartIncluding": "1.62.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious homeserver are both joined to the same room, the malicious homeserver can trick Synapse into accepting previously rejected events into its view of the current state of that room. This can be exploited in a way that causes all further messages and state changes sent in that room from the vulnerable homeserver to be rejected. This issue has been patched in version 1.68.0\n\n"}, {"lang": "es", "value": "Synapse es un servidor dom\u00e9stico Matrix de c\u00f3digo abierto escrito y mantenido por la Fundaci\u00f3n Matrix.org. Si Synapse y un servidor dom\u00e9stico malicioso est\u00e1n unidos a la misma habitaci\u00f3n, el servidor dom\u00e9stico malicioso puede enga\u00f1ar a Synapse para que acepte eventos previamente rechazados en su vista del estado actual de esa sala. Esto se puede explotar de una manera que haga que todos los mensajes adicionales y los cambios de estado enviados en esa habitaci\u00f3n desde el servidor dom\u00e9stico vulnerable sean rechazados. Este problema se ha corregido en la versi\u00f3n 1.68.0 "}], "id": "CVE-2022-39374", "lastModified": "2023-09-18T04:15:09.160", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-05-26T14:15:10.257", "references": [{"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/matrix-org/synapse/pull/13723"}, {"source": "security-advisories@github.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-p9qp-c452-f9r7"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJIJRP5ZH6B3KGFLHCAKR2IX2Y4Z25QD/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "security-advisories@github.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Secondary"}]}