Matrix Synapse 1.94.0

CPE Details

Matrix Synapse 1.94.0
matrix
synapse
1.94.0
2023-11-28
17h36 +00:00
2023-11-28
17h36 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:matrix:synapse:1.94.0:-:*:*:*:*:*:*

Informations

Vendor

matrix

Product

synapse

Version

1.94.0

Update

-

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-43796 2023-10-31 16h52 +00:00 Synapse is an open-source Matrix homeserver Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver. System administrators are encouraged to upgrade to Synapse 1.95.1 or 1.96.0rc1 to receive a patch. As a workaround, the `federation_domain_whitelist` can be used to limit federation traffic with a homeserver.
5.3
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.