VYPR
High severityOSV Advisory· Published Mar 19, 2019· Updated Aug 4, 2024

CVE-2019-5885

CVE-2019-5885

Description

Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
matrix-synapsePyPI
< 0.34.0.10.34.0.1

Affected products

3

Patches

Vulnerability mechanics

References

15

News mentions

0

No linked articles in our index yet.