Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Incorrect parsing of access level in gomatrixserverlib and dendrite
Vulnerability Description
gomatrixserverlib is a Go library for matrix protocol federation. Dendrite is a Matrix homeserver written in Go, an alternative to Synapse. The power level parsing within gomatrixserverlib was failing to parse the `"events_default"` key of the `m.room.power_levels` event, defaulting the event default power level to zero in all cases. Power levels are the matrix terminology for user access level. In rooms where the `"events_default"` power level had been changed, this could result in events either being incorrectly authorised or rejected by Dendrite servers. gomatrixserverlib contains a fix as of commit `723fd49` and Dendrite 0.9.3 has been updated accordingly. Matrix rooms where the `"events_default"` power level has not been changed from the default of zero are not vulnerable. Users are advised to upgrade. There are no known workarounds for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
授权机制不正确
Vulnerability Title
gomatrixserverlib 安全漏洞
Vulnerability Description
gomatrixserverlib是matrix.org开源的一个 Go 库。用于矩阵服务器所需的常用功能。 gomatrixserverlib存在安全漏洞,该漏洞源于其电源等级解析程序无法解析“m.room.power_leavels事件”的“events_default”关键字导致在所有情况下会将默认电源等级设置为0。
CVSS Information
N/A
Vulnerability Type
N/A