CVE-2021-39164

Information Exposure in pypi/matrix-synapse

Identifier

CVE-2021-39164

Package Slug

pypi/matrix-synapse

Vulnerability

Information Exposure

Description

Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. Unauthorised users can access the membership (list of members, with their display names) of a room if they know the ID of the room. The vulnerability is limited to rooms with shared history visibility.

Affected Versions

All versions before 1.41.1

Solution

Upgrade to version 1.41.1 or above.

Last Modified

2021-09-10

source