VYPR
Moderate severityNVD Advisory· Published Oct 31, 2023· Updated Feb 13, 2025

Synapse vulnerable to leak of remote user device information

CVE-2023-43796

Description

Synapse is an open-source Matrix homeserver Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver. System administrators are encouraged to upgrade to Synapse 1.95.1 or 1.96.0rc1 to receive a patch. As a workaround, the federation_domain_whitelist can be used to limit federation traffic with a homeserver.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
matrix-synapsePyPI
< 1.95.11.95.1

Affected products

3

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.