Vulnerability Name:

CVE-2021-21332 (CCN-198872)

Assigned: 2020-12-22
Published: 2021-03-25
Updated: 2021-11-23
Summary: Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the password reset endpoint served via Synapse was vulnerable to cross-site scripting (XSS) attacks. The impact depends on the configuration of the domain that Synapse is deployed on, but may allow access to cookies and other browser data, CSRF vulnerabilities, and access to other resources served on the same domain or parent domains. This is fixed in version 1.27.0.
CVSS v3 Severity: 8.2 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)
7.8 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): Low
Availability (A): None
7.2 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)
6.9 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-79
Vulnerability Consequences: Cross-Site Scripting
References: Source: MITRE
Type: CNA
CVE-2021-21332

Source: XF
Type: UNKNOWN
matrix-cve202121332-xss(198872)

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/matrix-org/synapse/commit/e54746bdf7d5c831eabe4dcea76a7626f1de73df

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/matrix-org/synapse/pull/9200

Source: MISC
Type: Third Party Advisory
https://github.com/matrix-org/synapse/releases/tag/v1.27.0

Source: CCN
Type: Synapse GIT Repository
Cross-site scripting (XSS) vulnerability in the password reset endpoint

Source: CONFIRM
Type: Third Party Advisory
https://github.com/matrix-org/synapse/security/advisories/GHSA-246w-56m2-5899

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-a627cfd31e

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2021-21332

Vulnerable Configuration: Configuration 1:
  • cpe:/a:matrix:synapse:*:*:*:*:*:*:*:* (Version < 1.27.0)

Configuration 2:
  • cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:matrix:synapse:1.26.0:-:*:*:*:*:*:*

* Denotes that component is vulnerable
    matrix synapse *
    fedoraproject fedora 34
    matrix synapse 1.26.0 -