USN-7444-1: Synapse vulnerabilities

https://ubuntu.com/security/notices/rss.xml / Wed, 04/23/2025 - 05:37

It was discovered that Synapse network policies could be bypassed via specially crafted URLs. An attacker could possibly use this issue to bypass authentication mechanisms. (CVE-2023-32683) It was discovered that Synapse exposed cached device information. An attacker could possibly use this issue to gain access to sensitive information. (CVE-2023-43796) It was discovered that Synapse could be tricked into rejecting state changes in rooms. An attacker could possibly use this issue to cause Synapse to stop functioning properly, resulting in a denial of service. This issue was only fixed in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-39374) It was discovered that Synapse stored user credentials in a server's database temporarily. An attacker could possibly use this issue to gain access to sensitive information. This issue was only fixed in Ubuntu 22.04 LTS. (CVE-2023-41335) It was discovered that Synapse could incorrectly respond to server authorization events. An attacker could possibly use this issue to bypass authentication mechanisms. This issue was only fixed in Ubuntu 22.04 LTS. (CVE-2022-39335) It was discovered that Synapse could be manipulated to mark messages as read when they had not been viewed. An attacker could possibly use this issue to perform repudiation-based attacks. This issue was only fixed in Ubuntu 22.04 LTS. (CVE-2023-42453) It was discovered that Synapse had several memory-related issues. An attacker could possibly use this issue to cause Synapse to crash, resulting in a denial of service. This issue was only fixed in Ubuntu 22.04 LTS. (CVE-2024-31208) It was discovered that Synapse could run external tools due to a unchecked thumbnail rendering routine. An attacker could possibly use this issue to cause Synapse to crash, resulting in a denial of service, or execute arbitrary code. This issue was only fixed in Ubuntu 22.04 LTS. (CVE-2024-53863)

About

Kenya Education Network CERT(KENET-CERT) is a Cybersecurity Emergency Response Team and Co-ordination Center operated by the National Research and Education Network of Kenya. KENET-CERT coordination center promotes awareness on cybersecurity incidences as well as coordinates and assists member institutions in responding effectively to cyber security threats and incidences. KENET-CERT works closely with Kenya's National CIRT coordination center (CIRT/CC) as a sector CIRT for the academic institutions. KENET promotes use of ICT in Teaching, Learning and Research in Higher Education Institutions in Kenya. KENET aims to interconnect all the Universities, Tertiary and Research Institutions in Kenya by setting up a cost effective and sustainable private network with high speed access to the global Internet. KENET also facilitates electronic communication among students and faculties in member institutions, share learning and teaching resources by collaboration in Research and Development of Educational content.

USN-7444-1: Synapse vulnerabilities

Categories

Recent Posts

CVE-2025-14367 - WordPress Easy Theme Options Missing Authorization Vulnerability

CVE-2025-12077 - WordPress WP to LinkedIn Auto Publish Plugin Reflected Cross-Site Scripting

CVE-2025-7058 - Kingcabs WordPress Stored Cross-Site Scripting Vulnerability

About