CVE-2024-37303
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Summary
CVE-2024-37303 is a vulnerability affecting the Synapse open-source Matrix homeserver. Prior to version 1.106, Synapse allowed unauthenticated remote participants to trigger the download and caching of media from remote servers, and the locally stored media was then accessible without authentication. Malicious actors could exploit this design flaw to plant harmful content in the homeserver's media repository. Synapse introduced a mitigation in version 1.106 with new media download endpoints that require authentication. The unauthenticated endpoints will be frozen in a future release, eliminating the attack vector.