Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
[matrix-synapse] Synapse's unauthenticated writes to the media repository allow planting of problematic content
Description: Impact Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the local homeserver in an unauthenticated way. The implication is that unauthenticated remote adversaries can use this functionality to plant problematic content into the media repository. Patches Synapse 1.106 introduces a partial mitigation in the form of new endpoints which require authentication for media downloads. The unauthenticated endpoints will be frozen in a future release, closing the attack vector. Workarounds Though extremely limited, server operators can use more strict rate limits based on IP address. References https://github.com/matrix-org/matrix-spec-proposals/pull/3916 For more information If you have any questions or comments about this advisory, please email us at security at element.io. References https://github.com/element-hq/synapse/security/advisories/GHSA-gjgr-7834-rhxr https://nvd.nist.gov/vuln/detail/CVE-2024-37303 https://github.com/matrix-org/matrix-spec-proposals/pull/3916 https://github.com/advisories/GHSA-gjgr-7834-rhxr
Source: Github Advisory Database (PIP)
December 3rd, 2024 (6 months ago)
[matrix-synapse] Synapse allows unsupported content types to lead to memory exhaustion
Description: Impact In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be used to amplify denial of service attacks. Patches Synapse 1.120.1 resolves the issue by denying requests with unsupported multipart/form-data content type. Workarounds Limiting request sizes or blocking the multipart/form-data content type before the requests reach Synapse, for example in a reverse proxy, alleviates the issue. Another approach that mitigates the attack is to use a low max_upload_size in Synapse. References https://github.com/twisted/twisted/issues/4688#issuecomment-1167705518 https://github.com/twisted/twisted/issues/4688#issuecomment-2385711609 For more information If you have any questions or comments about this advisory, please email us at security at element.io. References https://github.com/element-hq/synapse/security/advisories/GHSA-rfq8-j7rh-8hf2 https://nvd.nist.gov/vuln/detail/CVE-2024-52805 https://github.com/twisted/twisted/issues/4688#issuecomment-1167705518 https://github.com/twisted/twisted/issues/4688#issuecomment-2385711609 https://github.com/advisories/GHSA-rfq8-j7rh-8hf2
Source: Github Advisory Database (PIP)
December 3rd, 2024 (6 months ago)
[matrix-synapse] Synapse allows a a malformed invite to break the invitee's `/sync`
Description: Impact Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Patches Synapse 1.120.1 rejects such invalid invites received over federation and restores the ability to sync for affected users. Workarounds Server administrators can disable federation from untrusted servers. For more information If you have any questions or comments about this advisory, please email us at security at element.io. References https://github.com/element-hq/synapse/security/advisories/GHSA-f3r3-h2mq-hx2h https://nvd.nist.gov/vuln/detail/CVE-2024-52815 https://github.com/advisories/GHSA-f3r3-h2mq-hx2h
Source: Github Advisory Database (PIP)
December 3rd, 2024 (6 months ago)
[matrix-synapse] Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders
Description: Impact In Synapse versions before 1.120.1, enabling the dynamic_thumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially invoking external tools like Ghostscript for processing. This significantly expands the attack surface in a historically vulnerable area, presenting a risk that far outweighs the benefit, particularly since these formats are rarely used on the open web or within the Matrix ecosystem. For a list of image formats, as well as decoding libraries and helper programs used, see the Pillow documentation. Patches Synapse 1.120.1 addresses the issue by restricting thumbnail generation to images in the following widely used formats: PNG, JPEG, GIF, and WebP. Workarounds Ensure any image codecs and helper programs, such as Ghostscript, are patched against security vulnerabilities. Uninstall unused image decoder libraries and helper programs, such as Ghostscript, from the system environment that Synapse is running in. Depending on the installation method, there may be some decoder libraries bundled with Pillow and these cannot be easily uninstalled. The official Docker container image does not include Ghostscript. References The Pillow documentation includes a list of supported image formats and which libraries or helper programs are used to decode them. For more information If you have any questions or comments about this advisory, please email us at security at eleme...
Source: Github Advisory Database (PIP)
December 3rd, 2024 (6 months ago)
[matrix-synapse] Synapse Matrix has a partial room state leak via Sliding Sync
Description: Impact The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. Patches Synapse version 1.120.1 fixes the problem. Workarounds Disable Sliding Sync. References https://github.com/matrix-org/matrix-spec-proposals/pull/4186 https://github.com/element-hq/synapse/blob/d80cd57c54427687afcb48740d99219c88a0fff1/synapse/config/experimental.py#L341-L344 For more information If you have any questions or comments about this advisory, please email us at security at element.io. References https://github.com/element-hq/synapse/security/advisories/GHSA-56w4-5538-8v8h https://nvd.nist.gov/vuln/detail/CVE-2024-53867 https://github.com/matrix-org/matrix-spec-proposals/pull/4186 https://github.com/advisories/GHSA-56w4-5538-8v8h
Source: Github Advisory Database (PIP)
December 3rd, 2024 (6 months ago)
[mobsf] Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality
Description: Summary The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to the system. When users in the application use the "Diff or Compare" functionality, they are affected by a Stored Cross-Site Scripting vulnerability. Details I found a Stored Cross-Site Scripting vulnerability in the "Diff or Compare" functionality. This issue occurs because the upload functionality allows users to upload files with special characters such as <, >, /, and " in the filename. This vulnerability can be mitigated by restricting file uploads to filenames containing only whitelisted characters, such as A-Z, 0-9, and specific special characters permitted by business requirements, like - or _ . PoC Complete instructions, including specific configuration details, to reproduce the vulnerability. On MobSF version 4.2.8, I clicked on "Unload & Analyze" button. I uploaded zip file as a name test.zip. I used an intercepting proxy tool while uploading a file and changed the value of the filename parameter from test.zip to test.zip. This means I uploaded a file and set its name to a script value. As a result, the server allowed the file to be uploaded successfully. I accessed /recent_scans/ and found a file named test.zip in the recent scans. Then, I clicked on the "Differ or Compare" button." I found that the application requires selecting a file to compare, and I selected the file test.zip I found tha...
Source: Github Advisory Database (PIP)
December 3rd, 2024 (6 months ago)
Exploit released for critical WhatsUp Gold RCE flaw, patch now
Description: A proof-of-concept (PoC) exploit for a critical-severity remote code execution flaw in Progress WhatsUp Gold has been published, making it critical to install the latest security updates as soon as possible. [...]
Source: BleepingComputer
December 3rd, 2024 (6 months ago)
Cyber-Unsafe Employees Increasingly Put Orgs at Risk
Description: Too much access and privilege, plus a host of unsafe cyber practices, plague most workplaces, and the introduction of tools like GenAI will only make things worse.
Source: Dark Reading
December 3rd, 2024 (6 months ago)
Veeam warns of critical RCE bug in Service Provider Console
Description: ​Veeam released security updates today to address two Service Provider Console (VSPC) vulnerabilities, including a critical remote code execution (RCE) discovered during internal testing. [...]
Source: BleepingComputer
December 3rd, 2024 (6 months ago)
Police seizes largest German online crime marketplace, arrests admin
Description: Germany has taken down the largest online cybercrime marketplace in the country, named "Crimenetwork," and arrested its administrator for facilitating the sale of drugs, stolen data, and illegal services. [...]
Source: BleepingComputer
December 3rd, 2024 (6 months ago)