High severity7.5NVD Advisory· Published Jun 14, 2018· Updated Jun 17, 2026
CVE-2018-12423
CVE-2018-12423
Description
In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
matrix-synapsePyPI | < 0.31.2 | 0.31.2 |
Affected products
1Patches
Vulnerability mechanics
References
6- bugs.debian.org/901549nvdMailing ListThird Party AdvisoryWEB
- github.com/advisories/GHSA-ch5v-fhg8-7gv9ghsaADVISORY
- github.com/matrix-org/matrix-doc/issues/1304nvdThird Party AdvisoryWEB
- matrix.org/blog/2018/06/14/security-update-synapse-0-31-2/nvdVendor Advisory
- nvd.nist.gov/vuln/detail/CVE-2018-12423ghsaADVISORY
- matrix.org/blog/2018/06/14/security-update-synapse-0-31-2ghsaWEB
News mentions
0No linked articles in our index yet.