Vulnerability CVE-2020-26891: Information

Description

AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the /_matrix/client/r0/auth/*/fallback/web or /_matrix/client/unstable/auth/*/fallback/web Synapse endpoints.

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2020-26891
Published: Oct. 19, 2020
Modified: Oct. 27, 2020
Error type identifier: CWE-79

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
matrix-synapsesisyphus1.21.0-alt11.104.0-alt1ALT-PU-2020-3036-1259805Fixed
matrix-synapsep101.21.0-alt11.38.0-alt1ALT-PU-2020-3036-1259805Fixed
matrix-synapsec10f11.21.0-alt11.38.0-alt1ALT-PU-2020-3036-1259805Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://matrix.org/blog/2020/10/15/synapse-1-21-2-released-and-security-advisory
  • Release Notes
  • Vendor Advisory
https://github.com/matrix-org/synapse/pull/8444
  • Issue Tracking
  • Patch
  • Third Party Advisory
https://github.com/matrix-org/synapse/releases/tag/v1.21.2
  • Release Notes
  • Third Party Advisory
https://github.com/matrix-org/synapse/security/advisories/GHSA-3x8c-fmpc-5rmq
  • Patch
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:matrix:synapse:*:*:*:*:*:*:*:*
      End excliding
      1.21.0
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.1
Back to top