Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Synapse vulnerable to leak of remote user device information
Vulnerability Description
Synapse is an open-source Matrix homeserver Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver. System administrators are encouraged to upgrade to Synapse 1.95.1 or 1.96.0rc1 to receive a patch. As a workaround, the `federation_domain_whitelist` can be used to limit federation traffic with a homeserver.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
Matrix Synapse 信息泄露漏洞
Vulnerability Description
Matrix Synapse是英国Matrix基金会的一款矩阵管理服务器的实现。 Matrix Synapse 1.95.1之前、1.96.0rc1之前版本存在信息泄露漏洞,该漏洞源于可以从Synapse查询远程用户缓存的设备信息,这可用于枚举用户。
CVSS Information
N/A
Vulnerability Type
N/A