CVE-2023-45129
CVSS 3.1 Score 4.9 of 10 (medium)
Details
Summary
CVE-2023-45129 is a vulnerability affecting Synapse, an open-source Matrix homeserver developed by the Matrix.org Foundation. It has a base severity rating of MEDIUM and a CVSS score of 4.9. A malicious server ACL event can cause temporary or permanent performance issues, leading to a persistent denial of service. Versions prior to 1.94.0 are affected; homeservers running on closed federations are not impacted. To remediate the vulnerability, server administrators are advised to upgrade to Synapse 1.94.0 or later. As a workaround, rooms with malicious server ACL events can be purged and blocked using the admin API. The risk to an organization is loss of availability: the vulnerability can disrupt the Synapse homeserver and degrade its performance, potentially leading to service downtime and loss of functionality for users.