Information Exposure Affecting matrix-synapse package, versions [1.66.0,1.93.0)
Threat Intelligence
EPSS
0.08% (35th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-MATRIXSYNAPSE-5920322
- published 27 Sep 2023
- disclosed 26 Sep 2023
- credit Unknown
Introduced: 26 Sep 2023
CVE-2023-41335 Open this link in a new tabHow to fix?
Upgrade matrix-synapse
to version 1.93.0 or higher.
Overview
matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP.
Affected versions of this package are vulnerable to Information Exposure due to temporarily stored plaintext passwords in the server database. An attacker can potentially access these passwords if they have access to the database backups.
References
CVSS Scores
version 3.1