Vendor CVEs
Matrix Org
All CVEs
98 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-24024 | Cri | 0.52 | 9.1 | 0.01 | Jan 21, 2025 | Mjolnir is a moderation tool for Matrix. Mjolnir v1.9.0 responds to management commands from any room the bot is member of. This can allow users who aren't operators of the bot to use the bot's functions, including server administration components if enabled. Version 1.9.1… | ||
| CVE-2024-47824 | Hig | 0.50 | — | 0.01 | Oct 15, 2024 | matrix-react-sdk is react-based software development kit for inserting a Matrix chat/VOIP client into a web page. Starting in version 3.18.0 and before 3.102.0, matrix-react-sdk allows a malicious homeserver to potentially steal message keys for a room when a user invites… | ||
| CVE-2024-47080 | Hig | 0.50 | — | 0.01 | Oct 15, 2024 | matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. In matrix-js-sdk versions versions 9.11.0 through 34.7.0, the method `MatrixClient.sendSharedHistoryKeys` is vulnerable to interception by malicious homeservers. The method was introduced by MSC3061)… | ||
| CVE-2025-54315 | Hig | 0.39 | 7.1 | 0.00 | Oct 2, 2025 | The Matrix specification before 1.16 (i.e., with a room version before 12) lacks create event uniqueness. | ||
| CVE-2025-49090 | Hig | 0.39 | 7.1 | 0.00 | Oct 2, 2025 | The Matrix specification before 1.16 (i.e., with a room version before 12 and State Resolution before 2.1) has deficient state resolution. | ||
| CVE-2025-23197 | Med | 0.35 | 6.5 | 0.00 | Jan 27, 2025 | matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. When Hookshot 6 version 6.0.1 or below, or Hookshot 5 version 5.4.1 or below, is configured with GitHub support, it is vulnerable to a Denial of Service (DoS) whereby it can… | ||
| CVE-2025-27155 | Med | 0.33 | 6.1 | 0.00 | Mar 4, 2025 | Pinecone is an experimental overlay routing protocol suite which is the foundation of the current P2P Matrix demos. The Pinecone Simulator (pineconesim) included in Pinecone up to commit ea4c337 is vulnerable to stored cross-site scripting. The payload storage is not permanent… | ||
| CVE-2024-34353 | Med | 0.29 | 5.5 | 0.00 | May 14, 2024 | The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is an implementation of a Matrix end-to-end encryption state machine in Rust. In Matrix, the server-side `key backup` stores encrypted copies of Matrix message keys. This facilitates key sharing between a user's… | ||
| CVE-2024-52505 | Med | 0.28 | 5.4 | 0.00 | Nov 14, 2024 | matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The provisioning API of the matrix-appservice-irc bridge up to version 3.0.2 contains a vulnerability which can lead to arbitrary IRC command execution as the bridge IRC bot. The vulnerability has… | ||
| CVE-2024-50336 | Med | 0.28 | — | 0.01 | Nov 12, 2024 | matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated… | ||
| CVE-2024-40648 | Med | 0.28 | 5.4 | 0.00 | Jul 18, 2024 | matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. The `UserIdentity::is_verified()` method in the matrix-sdk-crypto crate before version 0.7.2 doesn't take into account the verification status of the user's own identity while performing the check… | ||
| CVE-2025-53549 | Med | 0.27 | — | 0.00 | Jul 10, 2025 | The Matrix Rust SDK is a collection of libraries that make it easier to build Matrix clients in Rust. An SQL injection vulnerability in the EventCache::find_event_with_relations method of matrix-sdk 0.11 and 0.12 allows malicious room members to execute arbitrary SQL commands in… | ||
| CVE-2025-48937 | Med | 0.25 | 4.9 | 0.00 | Jun 10, 2025 | matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients,… | ||
| CVE-2024-52594 | Med | 0.21 | 4.3 | 0.00 | Jan 16, 2025 | Gomatrixserverlib is a Go library for matrix federation. Gomatrixserverlib is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. The commit `c4f1e01` fixes this issue. Users are advised to upgrade. Users… | ||
| CVE-2024-52813 | Med | 0.21 | 4.3 | 0.00 | Jan 7, 2025 | matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause… | ||
| CVE-2024-39691 | Med | 0.21 | 4.3 | 0.00 | Jul 5, 2024 | matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The fix for GHSA-wm4w-7h2q-3pf7 / CVE-2024-32000 included in matrix-appservice-irc 2.0.0 relied on the Matrix homeserver-provided timestamp to determine whether a user has access to the event… | ||
| CVE-2024-32000 | Med | 0.21 | 4.3 | 0.00 | Apr 12, 2024 | matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. matrix-appservice-irc before version 2.0.0 can be exploited to leak the truncated body of a message if a malicious user sends a Matrix reply to an event ID they don't have access to. As a… | ||
| CVE-2024-40640 | Low | 0.12 | 2.9 | 0.00 | Jul 17, 2024 | vodozemac is an open source implementation of Olm and Megolm in pure Rust. Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and `PkDecryption` Ed25519 secret keys. This flaw might allow an… | ||
| CVE-2025-59160 | Low | 0.11 | — | 0.00 | Sep 16, 2025 | Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an… | ||
| CVE-2025-59047 | Low | 0.11 | — | 0.00 | Sep 11, 2025 | matrix-sdk-base is the base component to build a Matrix client library. In matrix-sdk-base before 0.14.1, calling the `RoomMember::normalized_power_level()` method can cause a panic if a room member has a power level of `Int::Min`. The issue is fixed in matrix-sdk-base 0.14.1.… | ||
| CVE-2024-34063 | Low | 0.09 | 2.5 | 0.00 | May 3, 2024 | vodozemac is an implementation of Olm and Megolm in pure Rust. Versions 0.5.0 and 0.5.1 of vodozemac have degraded secret zeroization capabilities, due to changes in third-party cryptographic dependencies (the Dalek crates), which moved secret zeroization capabilities behind a… | ||
| CVE-2026-45057 | 0.00 | — | 0.00 | Jun 4, 2026 | ### Impact The message edit validation logic in the `matrix-sdk-ui` crate before 0.16.1 is missing a check: when replacing an encrypted event, the replacement event itself is not required to be encrypted. This enables a malicious homeserver administrator (or an actor with… | |||
| CVE-2026-45056 | 0.00 | — | 0.00 | Jun 4, 2026 | ### Impact The `matrix-sdk-crypto` crate before 0.16.1 is missing a check for the sender's user ID when decrypting an Olm-encrypted to-device message containing the `sender_device_keys` property. This could be exploited to spoof the sender of an encrypted to-device message,… | |||
| CVE-2025-66622 | 0.00 | — | 0.00 | Dec 9, 2025 | matrix-sdk-base is the base component to build a Matrix client library. Versions 0.14.1 and prior are unable to handle responses that include custom m.room.join_rules values due to a serialization bug. This can be exploited to cause a denial-of-service condition, if a user is… | |||
| CVE-2025-27146 | 0.00 | — | 0.00 | Feb 25, 2025 | matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user.… | |||
| CVE-2024-10381 | 0.00 | — | 0.01 | Oct 25, 2024 | This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper implementation of session management at the web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http request on the vulnerable… | |||
| CVE-2024-45191 | 0.00 | — | 0.00 | Aug 22, 2024 | An issue was discovered in Matrix libolm through 3.2.16. The AES implementation is vulnerable to cache-timing attacks due to use of S-boxes. This is related to software that uses a lookup table for the SubWord step. This refers to the libolm implementation of Olm. NOTE: This… | |||
| CVE-2024-45193 | 0.00 | — | 0.00 | Aug 22, 2024 | An issue was discovered in Matrix libolm through 3.2.16. There is Ed25519 signature malleability due to lack of validation criteria (does not ensure that S < n). This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer… | |||
| CVE-2024-45192 | 0.00 | — | 0.01 | Aug 22, 2024 | An issue was discovered in Matrix libolm through 3.2.16. Cache-timing attacks can occur due to use of base64 when decoding group session keys. This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer supported by the… | |||
| CVE-2024-42369 | 0.00 | — | 0.00 | Aug 20, 2024 | matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the… | |||
| CVE-2024-42347 | 0.00 | — | 0.00 | Aug 6, 2024 | matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages… | |||
| CVE-2024-38432 | 0.00 | — | 0.00 | Jul 30, 2024 | Matrix Tafnit v8 - CWE-646: Reliance on File Name or Extension of Externally-Supplied File | |||
| CVE-2024-38431 | 0.00 | — | 0.00 | Jul 30, 2024 | Matrix Tafnit v8 - CWE-204: Observable Response Discrepancy | |||
| CVE-2024-38430 | 0.00 | — | 0.00 | Jul 30, 2024 | Matrix - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||
| CVE-2024-38429 | 0.00 | — | 0.00 | Jul 30, 2024 | Matrix Tafnit v8 - CWE-552: Files or Directories Accessible to External Parties | |||
| CVE-2023-43796 | 0.00 | — | 0.01 | Oct 31, 2023 | Synapse is an open-source Matrix homeserver Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver. System administrators are encouraged to upgrade to… | |||
| CVE-2023-45129 | 0.00 | — | 0.01 | Oct 10, 2023 | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed… | |||
| CVE-2023-43656 | 0.00 | — | 0.00 | Sep 27, 2023 | matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Instances that have enabled transformation functions (those that have `generic.allowJsTransformationFunctions` in their config), may be vulnerable to an attack where it is… | |||
| CVE-2023-41335 | 0.00 | — | 0.00 | Sep 26, 2023 | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the… | |||
| CVE-2023-42453 | 0.00 | — | 0.01 | Sep 26, 2023 | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event (if they knew the room ID and event ID). Note that the users were not able to view the events, but simply mark it as read. This… | |||
| CVE-2023-38700 | 0.00 | — | 0.00 | Aug 4, 2023 | matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to target. Version 1.0.1n fixes this issue.… | |||
| CVE-2023-38691 | 0.00 | — | 0.00 | Aug 4, 2023 | matrix-appservice-bridge provides an API for setting up bridges. Starting in version 4.0.0 and prior to versions 8.1.2 and 9.0.1, a malicious Matrix server can use a foreign user's MXID in an OpenID exchange, allowing a bad actor to impersonate users when using the provisioning… | |||
| CVE-2023-38690 | 0.00 | — | 0.01 | Aug 4, 2023 | matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it is possible to craft a command with newlines which would not be properly parsed. This would mean you could pass a string of commands as a channel name, which would then be run by the IRC bridge… | |||
| CVE-2023-38686 | 0.00 | — | 0.00 | Aug 4, 2023 | Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack.… | |||
| CVE-2023-37259 | 0.00 | — | 0.00 | Jul 18, 2023 | matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored Cross site scripting (XSS). Since the… | |||
| CVE-2023-32683 | 0.00 | — | 0.01 | Jun 6, 2023 | Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the `url_preview_url_blacklist` setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP… | |||
| CVE-2023-32682 | 0.00 | — | 0.01 | Jun 6, 2023 | Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled… | |||
| CVE-2022-39374 | 0.00 | — | 0.01 | May 26, 2023 | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious homeserver are both joined to the same room, the malicious homeserver can trick Synapse into accepting previously rejected events into its view of the… | |||
| CVE-2022-39335 | 0.00 | — | 0.01 | May 26, 2023 | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorization events in a room. This is necessary so that a homeserver receiving some events can validate that… | |||
| CVE-2023-32323 | 0.00 | — | 0.01 | May 26, 2023 | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. A malicious user on a Synapse homeserver X with permission to create certain state events can disable outbound federation from X to an arbitrary homeserver Y. Synapse instances with… |
- risk 0.52cvss 9.1epss 0.01
Mjolnir is a moderation tool for Matrix. Mjolnir v1.9.0 responds to management commands from any room the bot is member of. This can allow users who aren't operators of the bot to use the bot's functions, including server administration components if enabled. Version 1.9.1…
- risk 0.50cvss —epss 0.01
matrix-react-sdk is react-based software development kit for inserting a Matrix chat/VOIP client into a web page. Starting in version 3.18.0 and before 3.102.0, matrix-react-sdk allows a malicious homeserver to potentially steal message keys for a room when a user invites…
- risk 0.50cvss —epss 0.01
matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. In matrix-js-sdk versions versions 9.11.0 through 34.7.0, the method `MatrixClient.sendSharedHistoryKeys` is vulnerable to interception by malicious homeservers. The method was introduced by MSC3061)…
- risk 0.39cvss 7.1epss 0.00
The Matrix specification before 1.16 (i.e., with a room version before 12) lacks create event uniqueness.
- risk 0.39cvss 7.1epss 0.00
The Matrix specification before 1.16 (i.e., with a room version before 12 and State Resolution before 2.1) has deficient state resolution.
- risk 0.35cvss 6.5epss 0.00
matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. When Hookshot 6 version 6.0.1 or below, or Hookshot 5 version 5.4.1 or below, is configured with GitHub support, it is vulnerable to a Denial of Service (DoS) whereby it can…
- risk 0.33cvss 6.1epss 0.00
Pinecone is an experimental overlay routing protocol suite which is the foundation of the current P2P Matrix demos. The Pinecone Simulator (pineconesim) included in Pinecone up to commit ea4c337 is vulnerable to stored cross-site scripting. The payload storage is not permanent…
- risk 0.29cvss 5.5epss 0.00
The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is an implementation of a Matrix end-to-end encryption state machine in Rust. In Matrix, the server-side `key backup` stores encrypted copies of Matrix message keys. This facilitates key sharing between a user's…
- risk 0.28cvss 5.4epss 0.00
matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The provisioning API of the matrix-appservice-irc bridge up to version 3.0.2 contains a vulnerability which can lead to arbitrary IRC command execution as the bridge IRC bot. The vulnerability has…
- risk 0.28cvss —epss 0.01
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated…
- risk 0.28cvss 5.4epss 0.00
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. The `UserIdentity::is_verified()` method in the matrix-sdk-crypto crate before version 0.7.2 doesn't take into account the verification status of the user's own identity while performing the check…
- risk 0.27cvss —epss 0.00
The Matrix Rust SDK is a collection of libraries that make it easier to build Matrix clients in Rust. An SQL injection vulnerability in the EventCache::find_event_with_relations method of matrix-sdk 0.11 and 0.12 allows malicious room members to execute arbitrary SQL commands in…
- risk 0.25cvss 4.9epss 0.00
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients,…
- risk 0.21cvss 4.3epss 0.00
Gomatrixserverlib is a Go library for matrix federation. Gomatrixserverlib is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. The commit `c4f1e01` fixes this issue. Users are advised to upgrade. Users…
- risk 0.21cvss 4.3epss 0.00
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause…
- risk 0.21cvss 4.3epss 0.00
matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The fix for GHSA-wm4w-7h2q-3pf7 / CVE-2024-32000 included in matrix-appservice-irc 2.0.0 relied on the Matrix homeserver-provided timestamp to determine whether a user has access to the event…
- risk 0.21cvss 4.3epss 0.00
matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. matrix-appservice-irc before version 2.0.0 can be exploited to leak the truncated body of a message if a malicious user sends a Matrix reply to an event ID they don't have access to. As a…
- risk 0.12cvss 2.9epss 0.00
vodozemac is an open source implementation of Olm and Megolm in pure Rust. Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and `PkDecryption` Ed25519 secret keys. This flaw might allow an…
- risk 0.11cvss —epss 0.00
Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an…
- risk 0.11cvss —epss 0.00
matrix-sdk-base is the base component to build a Matrix client library. In matrix-sdk-base before 0.14.1, calling the `RoomMember::normalized_power_level()` method can cause a panic if a room member has a power level of `Int::Min`. The issue is fixed in matrix-sdk-base 0.14.1.…
- risk 0.09cvss 2.5epss 0.00
vodozemac is an implementation of Olm and Megolm in pure Rust. Versions 0.5.0 and 0.5.1 of vodozemac have degraded secret zeroization capabilities, due to changes in third-party cryptographic dependencies (the Dalek crates), which moved secret zeroization capabilities behind a…
- CVE-2026-45057Jun 4, 2026risk 0.00cvss —epss 0.00
### Impact The message edit validation logic in the `matrix-sdk-ui` crate before 0.16.1 is missing a check: when replacing an encrypted event, the replacement event itself is not required to be encrypted. This enables a malicious homeserver administrator (or an actor with…
- CVE-2026-45056Jun 4, 2026risk 0.00cvss —epss 0.00
### Impact The `matrix-sdk-crypto` crate before 0.16.1 is missing a check for the sender's user ID when decrypting an Olm-encrypted to-device message containing the `sender_device_keys` property. This could be exploited to spoof the sender of an encrypted to-device message,…
- CVE-2025-66622Dec 9, 2025risk 0.00cvss —epss 0.00
matrix-sdk-base is the base component to build a Matrix client library. Versions 0.14.1 and prior are unable to handle responses that include custom m.room.join_rules values due to a serialization bug. This can be exploited to cause a denial-of-service condition, if a user is…
- CVE-2025-27146Feb 25, 2025risk 0.00cvss —epss 0.00
matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user.…
- CVE-2024-10381Oct 25, 2024risk 0.00cvss —epss 0.01
This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper implementation of session management at the web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http request on the vulnerable…
- CVE-2024-45191Aug 22, 2024risk 0.00cvss —epss 0.00
An issue was discovered in Matrix libolm through 3.2.16. The AES implementation is vulnerable to cache-timing attacks due to use of S-boxes. This is related to software that uses a lookup table for the SubWord step. This refers to the libolm implementation of Olm. NOTE: This…
- CVE-2024-45193Aug 22, 2024risk 0.00cvss —epss 0.00
An issue was discovered in Matrix libolm through 3.2.16. There is Ed25519 signature malleability due to lack of validation criteria (does not ensure that S < n). This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer…
- CVE-2024-45192Aug 22, 2024risk 0.00cvss —epss 0.01
An issue was discovered in Matrix libolm through 3.2.16. Cache-timing attacks can occur due to use of base64 when decoding group session keys. This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer supported by the…
- CVE-2024-42369Aug 20, 2024risk 0.00cvss —epss 0.00
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the…
- CVE-2024-42347Aug 6, 2024risk 0.00cvss —epss 0.00
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages…
- CVE-2024-38432Jul 30, 2024risk 0.00cvss —epss 0.00
Matrix Tafnit v8 - CWE-646: Reliance on File Name or Extension of Externally-Supplied File
- CVE-2024-38431Jul 30, 2024risk 0.00cvss —epss 0.00
Matrix Tafnit v8 - CWE-204: Observable Response Discrepancy
- CVE-2024-38430Jul 30, 2024risk 0.00cvss —epss 0.00
Matrix - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CVE-2024-38429Jul 30, 2024risk 0.00cvss —epss 0.00
Matrix Tafnit v8 - CWE-552: Files or Directories Accessible to External Parties
- CVE-2023-43796Oct 31, 2023risk 0.00cvss —epss 0.01
Synapse is an open-source Matrix homeserver Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver. System administrators are encouraged to upgrade to…
- CVE-2023-45129Oct 10, 2023risk 0.00cvss —epss 0.01
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed…
- CVE-2023-43656Sep 27, 2023risk 0.00cvss —epss 0.00
matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Instances that have enabled transformation functions (those that have `generic.allowJsTransformationFunctions` in their config), may be vulnerable to an attack where it is…
- CVE-2023-41335Sep 26, 2023risk 0.00cvss —epss 0.00
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the…
- CVE-2023-42453Sep 26, 2023risk 0.00cvss —epss 0.01
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event (if they knew the room ID and event ID). Note that the users were not able to view the events, but simply mark it as read. This…
- CVE-2023-38700Aug 4, 2023risk 0.00cvss —epss 0.00
matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to target. Version 1.0.1n fixes this issue.…
- CVE-2023-38691Aug 4, 2023risk 0.00cvss —epss 0.00
matrix-appservice-bridge provides an API for setting up bridges. Starting in version 4.0.0 and prior to versions 8.1.2 and 9.0.1, a malicious Matrix server can use a foreign user's MXID in an OpenID exchange, allowing a bad actor to impersonate users when using the provisioning…
- CVE-2023-38690Aug 4, 2023risk 0.00cvss —epss 0.01
matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it is possible to craft a command with newlines which would not be properly parsed. This would mean you could pass a string of commands as a channel name, which would then be run by the IRC bridge…
- CVE-2023-38686Aug 4, 2023risk 0.00cvss —epss 0.00
Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack.…
- CVE-2023-37259Jul 18, 2023risk 0.00cvss —epss 0.00
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored Cross site scripting (XSS). Since the…
- CVE-2023-32683Jun 6, 2023risk 0.00cvss —epss 0.01
Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the `url_preview_url_blacklist` setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP…
- CVE-2023-32682Jun 6, 2023risk 0.00cvss —epss 0.01
Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled…
- CVE-2022-39374May 26, 2023risk 0.00cvss —epss 0.01
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious homeserver are both joined to the same room, the malicious homeserver can trick Synapse into accepting previously rejected events into its view of the…
- CVE-2022-39335May 26, 2023risk 0.00cvss —epss 0.01
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorization events in a room. This is necessary so that a homeserver receiving some events can validate that…
- CVE-2023-32323May 26, 2023risk 0.00cvss —epss 0.01
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. A malicious user on a Synapse homeserver X with permission to create certain state events can disable outbound federation from X to an arbitrary homeserver Y. Synapse instances with…
Page 1 of 2