VDB

CVE-2024-53867

CVE-2024-53867 PUBLISHED CVSS 4.300000190734863 MEDIUM

Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. This vulnerability is fixed in 1.120.1.

EPSS 0.13% · 32.6th percentile

Risk Scores

CVSS v3.1
4.300000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Score
0.13%
32.6th percentile

Affected Products

VendorProductVersions
PyPImatrix-synapse1.113.0rc1, 1.113.0rc1
element-hqsynapse*, *

Timeline

  • Jan 21, 1970 Security Advisory
  • Dec 3, 2024 CVE Published
  • Dec 3, 2024 PoC Published
  • Dec 4, 2024 EPSS Score
  • Dec 21, 2024 EPSS Score
  • Jan 7, 2025 EPSS Score
  • Jan 24, 2025 EPSS Score
  • Feb 10, 2025 EPSS Score
  • Feb 27, 2025 EPSS Score
  • Mar 16, 2025 EPSS Score
  • Mar 18, 2025 Coalition ESS Score
  • Apr 2, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›