Vulnerabilities > Matrix > Synapse > 0.33.3

DATE CVE VULNERABILITY TITLE RISK
2019-03-21 CVE-2019-5885 Use of Insufficiently Random Values vulnerability in multiple products
Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users.
network
low complexity
matrix fedoraproject CWE-330
7.5
7.5
2018-09-18 CVE-2018-16515 Improper Verification of Cryptographic Signature vulnerability in multiple products
Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.
network
low complexity
matrix debian CWE-347
8.8
8.8