CVE-2021-39163

Information Exposure in pypi/matrix-synapse

Identifier

CVE-2021-39163

Package Slug

pypi/matrix-synapse

Vulnerability

Information Exposure

Description

Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. and prior, unauthorised users can access the name, avatar, topic and number of members of a room if they know the ID of the room. This vulnerability is limited to homeservers where the vulnerable homeserver is in the room and untrusted users are permitted to create groups (communities).

Affected Versions

All versions before 1.41.1

Solution

Upgrade to version 1.41.1 or above.

Last Modified

2021-09-10

source