Vulnerability Database

289,784

Total vulnerabilities in the database

CVE-2018-12291

The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied correctly.

  • Published: Jun 13, 2018
  • Updated: Apr 13, 2023
  • CVE: CVE-2018-12291
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Software From Fixed in
matrix / synapse - 0.31.1