Vulnerability Description
Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.
CVSS Score
8.8
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Matrix | Synapse | < 0.33.3.1 |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- https://github.com/matrix-org/synapse/issues/3796#event-1833126269PatchThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://matrix.org/blog/2018/09/06/critical-security-update-synapse-0-33-3-1/Vendor Advisory
- https://github.com/matrix-org/synapse/issues/3796#event-1833126269PatchThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://matrix.org/blog/2018/09/06/critical-security-update-synapse-0-33-3-1/Vendor Advisory
FAQ
What is CVE-2018-16515?
CVE-2018-16515 is a vulnerability with a CVSS score of 8.8 (HIGH). Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.
How severe is CVE-2018-16515?
CVE-2018-16515 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-16515?
Check the references section above for vendor advisories and patch information. Affected products include: Matrix Synapse, Debian Debian Linux.