Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2020-26891

AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the /_matrix/client/r0/auth/*/fallback/web or /_matrix/client/unstable/auth/*/fallback/web Synapse endpoints.

Related bugs and status

CVE-2020-26891 (Candidate) is related to these bugs:

Bug #1848709: implementation is unusably old and contains significant security problems

Summary				In	Importance	Status
	1848709	implementation is unusably old and contains significant security problems		matrix-synapse (Ubuntu)	Undecided	Incomplete
	1848709	implementation is unusably old and contains significant security problems		matrix-synapse (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://github.com/mat...
MISC: https://matrix.org/blo...
CONFIRM: https://github.com/mat...
MISC: https://github.com/mat...