CVE-2024-52815
CVSS V2 None
CVSS V3 None
Description
Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects such invalid invites received over federation and restores the ability to sync for affected users.
Overview
- CVE ID
- CVE-2024-52815
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-12-03T16:58:30.877Z
- Last Modified Date
- 2024-12-03T19:06:11.082Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://github.com/element-hq/synapse/security/advisories/GHSA-f3r3-h2mq-hx2h | x_refsource_CONFIRM |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-52815 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52815 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-12-04 13:23:14 | Added to TrackCVE |