First published: Fri Mar 26 2021
Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open, federated instant messaging and VoIP. In Synapse before version 1.27.0, the password reset endpoint served by Synapse was vulnerable to cross-site scripting (XSS). The impact depends on the configuration of the domain Synapse is deployed on, but may include access to cookies and other browser data, CSRF vulnerabilities, and access to other resources served on the same domain or parent domains. This is fixed in version 1.27.0.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Matrix Synapse | <1.27.0 | Upgrade to 1.27.0 or later |
| Fedoraproject Fedora | =34 | |
CVE-2021-21332 is a vulnerability in Synapse, a Matrix reference homeserver, that allows for cross-site scripting (XSS) attacks.
CVE-2021-21332 has a severity rating of 8.2, which is considered high.
CVE-2021-21332 affects Synapse versions earlier than 1.27.0, leaving them vulnerable to cross-site scripting (XSS) attacks.
To fix CVE-2021-21332, upgrade to Synapse version 1.27.0 or higher.
Yes, Fedora version 34 is affected by CVE-2021-21332.
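A small check for whether a deployment falls inside the affected range, added here as an example and not taken from the page or from the Synapse project. It assumes the three-part `X.Y.Z` (or `X.Y.ZrcN` pre-release) numbering Synapse uses for releases, that the package is installed under the PyPI name `matrix-synapse`, and, for the remote variant, the `{"server": {"name": ..., "version": ...}}` shape of the Matrix federation `GET /_matrix/federation/v1/version` response. Versions are compared as integer tuples rather than strings, because a plain string comparison would wrongly rank `1.9.0` above `1.27.0`, and a release candidate of the fixed version is still treated as affected.

```python
import re
from importlib.metadata import PackageNotFoundError, version as installed_version

PACKAGE_NAME = "matrix-synapse"   # PyPI distribution name, as given in the advisory
FIXED_VERSION = "1.27.0"          # first release containing the fix, per the advisory

# Accepts "1.26.0" and pre-release forms such as "1.27.0rc1"; anything after the
# version number (for example a build annotation) is ignored. This format is an
# assumption based on Synapse's public release numbering, not taken from the advisory.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:rc(\d+))?")


def parse_version(text):
    """Turn a version string into a tuple that sorts in true numeric order."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, rc = match.groups()
    # A release candidate (0, N) sorts before its final release (1, 0).
    tail = (0, int(rc)) if rc is not None else (1, 0)
    return (int(major), int(minor), int(patch)) + tail


def is_affected(version_text):
    """True when the given Synapse version predates the fix in 1.27.0."""
    return parse_version(version_text) < parse_version(FIXED_VERSION)


def check_installed_package():
    """Inspect the locally installed matrix-synapse distribution, if any.

    Returns None when the package is not installed in this environment,
    otherwise a dict with the version found and whether it is affected.
    """
    try:
        found = installed_version(PACKAGE_NAME)
    except PackageNotFoundError:
        return None
    return {"version": found, "affected": is_affected(found)}


def affected_from_version_response(doc):
    """Evaluate a federation version response (assumed shape, see lead-in).

    Returns None for servers that are not Synapse, since the advisory only
    covers Synapse; otherwise the affected/not-affected verdict.
    """
    server = doc.get("server", {})
    if server.get("name", "").lower() != "synapse":
        return None
    return is_affected(server["version"])


if __name__ == "__main__":
    # Constructed sample response, not captured from a real server.
    sample = {"server": {"name": "Synapse", "version": "1.26.0"}}
    print("remote sample affected:", affected_from_version_response(sample))
    print("local install:", check_installed_package())
```

Run it on a host that carries the homeserver to check the local install, or feed it the JSON body of the federation version endpoint from a server you administer; a `True` verdict means the advisory's upgrade to 1.27.0 or later applies.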