CVE-2018-12423

CVE-2018-12423

EPSS 1.8%

In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://bugs.debian.org/901549 https://github.com/matrix-org/matrix-doc/issues/1304 https://matrix.org/blog/2018/06/14/security-update-synapse-0-31-2/