Vulnerabilities > Matrix > Synapse > 0.33.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-03-21 | CVE-2019-5885 | Use of Insufficiently Random Values vulnerability in multiple products Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users. | 7.5 |
2018-09-18 | CVE-2018-16515 | Improper Verification of Cryptographic Signature vulnerability in multiple products Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation. | 8.8 |