CVSS 3.1 Score 4.9 of 10 (medium)


Published Oct 10, 2023
Updated: Jan 7, 2024
CWE ID 770


CVE-2023-45129 is a vulnerability affecting Synapse, an open-source Matrix homeserver developed by the Foundation. It has a base severity rating of MEDIUM and a CVSS score of 4.9. A malicious server ACL event can cause temporary or permanent performance issues, leading to a persistent denial of service. Versions prior to 1.94.0 are affected; homeservers running on closed federations are not impacted. To remediate the vulnerability, server administrators are advised to upgrade to Synapse 1.94.0 or later. As a workaround, rooms with malicious server ACL events can be purged and blocked using the admin API. The risk to an organization is loss of availability: degraded homeserver performance, service downtime, and loss of functionality for users.
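The two remediation steps above can be scripted. The following is an added example, not code from the original page or from the Synapse project: it checks a reported version against 1.94.0 and builds the purge-and-block call using Synapse's Delete Room admin API (v2). The homeserver URL, room ID and token are constructed placeholders, and treating pre-releases of 1.94.0 as still needing the upgrade is a conservative assumption.

```python
import json
import re
import urllib.parse
import urllib.request

FIXED = (1, 94, 0)  # first fixed release, per the summary above


def needs_upgrade(server_version: str) -> bool:
    """Return True if a Synapse version string is older than 1.94.0.

    Pre-releases such as "1.94.0rc1" count as needing the upgrade
    (an assumption of this example, chosen to fail safe).
    """
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)(\S*)", server_version)
    if not m:
        raise ValueError(f"unrecognised version: {server_version!r}")
    release = tuple(int(part) for part in m.group(1, 2, 3))
    if release != FIXED:
        return release < FIXED
    return bool(re.match(r"(rc|a|b|\.?dev)", m.group(4)))


def purge_and_block_request(base_url: str, room_id: str, admin_token: str):
    """Build (without sending) the admin API call that purges one room
    from the database and blocks local users from rejoining it."""
    url = "{}/_synapse/admin/v2/rooms/{}".format(
        base_url.rstrip("/"),
        urllib.parse.quote(room_id, safe=""),  # room IDs contain '!' and ':'
    )
    body = json.dumps({"block": True, "purge": True}).encode()
    return urllib.request.Request(
        url,
        data=body,
        method="DELETE",
        headers={
            "Authorization": "Bearer " + admin_token,
            "Content-Type": "application/json",
        },
    )


if __name__ == "__main__":
    # Constructed sample values; replace with your own homeserver details.
    print("upgrade needed:", needs_upgrade("1.93.0"))
    req = purge_and_block_request(
        "https://hs.example.org", "!abc:example.org", "ADMIN_TOKEN_PLACEHOLDER")
    print(req.get_method(), req.full_url, req.data.decode())
    # To send it: urllib.request.urlopen(req)
```

The request must be made with a server admin's access token; deletion runs in the background on the homeserver.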

