Description

Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. This vulnerability is fixed in 1.120.1.

INFO

Published Date :

2024-12-03T16:52:01.596Z

Last Modified :

2024-12-03T19:07:19.919Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-53867 vulnerability.

Vendors Products
Element-hq
  • Synapse
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-53867.

URL Resource
https://github.com/element-hq/synapse/security/advisories/GHSA-56w4-5538-8v8h cve-icon cve-icon
https://github.com/matrix-org/matrix-spec-proposals/pull/4186 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact