Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: Impact
In Synapse versions before 1.120.1, enabling the dynamic_thumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially invoking external tools like Ghostscript for processing.
This significantly expands the attack surface in a historically vulnerable area, presenting a risk that far outweighs the benefit, particularly since these formats are rarely used on the open web or within the Matrix ecosystem.
For a list of image formats, as well as decoding libraries and helper programs used, see the Pillow documentation.
Patches
Synapse 1.120.1 addresses the issue by restricting thumbnail generation to images in the following widely used formats: PNG, JPEG, GIF, and WebP.
Workarounds
Ensure any image codecs and helper programs, such as Ghostscript, are patched against security vulnerabilities.
Uninstall unused image decoder libraries and helper programs, such as Ghostscript, from the system environment that Synapse is running in.
Depending on the installation method, there may be some decoder libraries bundled with Pillow and these cannot be easily uninstalled.
The official Docker container image does not include Ghostscript.
References
The Pillow documentation includes a list of supported image formats and which libraries or helper programs are used to decode them.
For more information
If you have any questions or comments about this advisory, please email us at security at eleme...
December 3rd, 2024 (5 months ago)
|
|
|
Description: Impact
The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected.
Patches
Synapse version 1.120.1 fixes the problem.
Workarounds
Disable Sliding Sync.
References
https://github.com/matrix-org/matrix-spec-proposals/pull/4186
https://github.com/element-hq/synapse/blob/d80cd57c54427687afcb48740d99219c88a0fff1/synapse/config/experimental.py#L341-L344
For more information
If you have any questions or comments about this advisory, please email us at security at element.io.
References
https://github.com/element-hq/synapse/security/advisories/GHSA-56w4-5538-8v8h
https://nvd.nist.gov/vuln/detail/CVE-2024-53867
https://github.com/matrix-org/matrix-spec-proposals/pull/4186
https://github.com/advisories/GHSA-56w4-5538-8v8h
December 3rd, 2024 (5 months ago)
|
|
|
Description: Summary
The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to the system. When users in the application use the "Diff or Compare" functionality, they are affected by a Stored Cross-Site Scripting vulnerability.
Details
I found a Stored Cross-Site Scripting vulnerability in the "Diff or Compare" functionality. This issue occurs because the upload functionality allows users to upload files with special characters such as <, >, /, and " in the filename. This vulnerability can be mitigated by restricting file uploads to filenames containing only whitelisted characters, such as A-Z, 0-9, and specific special characters permitted by business requirements, like - or _ .
PoC
Complete instructions, including specific configuration details, to reproduce the vulnerability.
On MobSF version 4.2.8, I clicked on "Unload & Analyze" button.
I uploaded zip file as a name test.zip.
I used an intercepting proxy tool while uploading a file and changed the value of the filename parameter from test.zip to test.zip. This means I uploaded a file and set its name to a script value. As a result, the server allowed the file to be uploaded successfully.
I accessed /recent_scans/ and found a file named test.zip in the recent scans. Then, I clicked on the "Differ or Compare" button."
I found that the application requires selecting a file to compare, and I selected the file test.zip
I found tha...
December 3rd, 2024 (5 months ago)
|
|
|
Description: A proof-of-concept (PoC) exploit for a critical-severity remote code execution flaw in Progress WhatsUp Gold has been published, making it critical to install the latest security updates as soon as possible. [...]
December 3rd, 2024 (5 months ago)
|
|
|
Description: Too much access and privilege, plus a host of unsafe cyber practices, plague most workplaces, and the introduction of tools like GenAI will only make things worse.
December 3rd, 2024 (5 months ago)
|
|
|
Description: ​Veeam released security updates today to address two Service Provider Console (VSPC) vulnerabilities, including a critical remote code execution (RCE) discovered during internal testing. [...]
December 3rd, 2024 (5 months ago)
|
|
|
Description: Germany has taken down the largest online cybercrime marketplace in the country, named "Crimenetwork," and arrested its administrator for facilitating the sale of drugs, stolen data, and illegal services. [...]
December 3rd, 2024 (5 months ago)
|
|
|
Description: Discover key insights from 550+ cybersecurity experts on threat intelligence trends, spending, and strategies in our 2024 infographic. Learn more.
December 3rd, 2024 (5 months ago)
|
|
|
Description: A novel backdoor malware and a loader that customizes payload names for each victim have been added to the threat group's cybercriminal tool set.
December 3rd, 2024 (5 months ago)
|
|
|
Description: Today, the FTC banned data brokers Mobilewalla and Gravy Analytics from harvesting and selling Americans' location tracking data linked to sensitive locations, like churches, healthcare facilities, military installations, and schools. [...]
December 3rd, 2024 (5 months ago)
|