
Test ID: 1.3.6.1.4.1.25623.1.1.12.2025.7444.1
Category: Ubuntu Local Security Checks
Title: Ubuntu: Security Advisory (USN-7444-1)
Summary: The remote host is missing an update for the 'matrix-synapse' package(s) announced via the USN-7444-1 advisory.
Description:

Vulnerability Insight:
It was discovered that Synapse network policies could be bypassed via
specially crafted URLs. An attacker could possibly use this issue to
bypass authentication mechanisms. (CVE-2023-32683)

It was discovered that Synapse exposed cached device information. An
attacker could possibly use this issue to gain access to sensitive
information. (CVE-2023-43796)

It was discovered that Synapse could be tricked into rejecting state
changes in rooms. An attacker could possibly use this issue to cause
Synapse to stop functioning properly, resulting in a denial of service.
This issue was only fixed in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2022-39374)

It was discovered that Synapse stored user credentials in a server's
database temporarily. An attacker could possibly use this issue to
gain access to sensitive information. This issue was only fixed in
Ubuntu 22.04 LTS. (CVE-2023-41335)

It was discovered that Synapse could incorrectly respond to server
authorization events. An attacker could possibly use this issue to
bypass authentication mechanisms. This issue was only fixed in Ubuntu
22.04 LTS. (CVE-2022-39335)

It was discovered that Synapse could be manipulated to mark messages
as read when they had not been viewed. An attacker could possibly use
this issue to perform repudiation-based attacks. This issue was only
fixed in Ubuntu 22.04 LTS. (CVE-2023-42453)

It was discovered that Synapse had several memory-related issues. An
attacker could possibly use this issue to cause Synapse to crash,
resulting in a denial of service. This issue was only fixed in Ubuntu
22.04 LTS. (CVE-2024-31208)

It was discovered that Synapse could run external tools due to an
unchecked thumbnail rendering routine. An attacker could possibly use
this issue to cause Synapse to crash, resulting in a denial of service,
or execute arbitrary code. This issue was only fixed in Ubuntu
22.04 LTS. (CVE-2024-53863)

Affected Software/OS:
'matrix-synapse' package(s) on Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2022-39335
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2MBNMZAFY4RCZL2VGBGAPKGB4JUPZVS/
https://github.com/matrix-org/synapse/issues/13288
https://github.com/matrix-org/synapse/pull/13823
https://github.com/matrix-org/synapse/security/advisories/GHSA-45cj-f97f-ggwv
Common Vulnerability Exposure (CVE) ID: CVE-2022-39374
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJIJRP5ZH6B3KGFLHCAKR2IX2Y4Z25QD/
https://github.com/matrix-org/synapse/pull/13723
https://github.com/matrix-org/synapse/security/advisories/GHSA-p9qp-c452-f9r7
Common Vulnerability Exposure (CVE) ID: CVE-2023-32683
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6DH5A5YEB5LRIPP32OUW25FCGZFCZU2/
https://github.com/matrix-org/synapse/pull/15601
https://github.com/matrix-org/synapse/security/advisories/GHSA-98px-6486-j7qc
Common Vulnerability Exposure (CVE) ID: CVE-2023-41335
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6P4QULVUE254WI7XF2LWWOGHCYVFXFY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AFB2Y3S2VCPCN5P2XCZTG24MBMZ7DM4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65QPC55I4D27HIZP7H2NQ34EOXHPP4AO/
https://security.gentoo.org/glsa/202401-12
https://github.com/matrix-org/synapse/pull/16272
https://github.com/matrix-org/synapse/security/advisories/GHSA-4f74-84v3-j9q5
Common Vulnerability Exposure (CVE) ID: CVE-2023-42453
https://github.com/matrix-org/synapse/pull/16327
https://github.com/matrix-org/synapse/security/advisories/GHSA-7565-cq32-vx2x
Common Vulnerability Exposure (CVE) ID: CVE-2023-43796
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VH3RNC5ZPQZ4OKPSL4E6BBJSZOQLGDEY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IDEEZMFJBDLTFHQUTZRJJNCOZGQ2ZVS/
https://github.com/matrix-org/synapse/commit/daec55e1fe120c564240c5386e77941372bf458f
https://github.com/matrix-org/synapse/security/advisories/GHSA-mp92-3jfm-3575
Common Vulnerability Exposure (CVE) ID: CVE-2024-31208
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSF4NJJSTSQRJQ47PLYYSCFYKJBP7DET/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RR53FNHV446CB37TP45GZ6F6HZLZCK3K/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6FCCO4ODTZ3FDS7TMW76PKOSEL2TQVB/
https://github.com/element-hq/synapse/commit/55b0aa847a61774b6a3acdc4b177a20dc019f01a
https://github.com/element-hq/synapse/releases/tag/v1.105.1
https://github.com/element-hq/synapse/security/advisories/GHSA-3h7q-rfh9-xm4v
Common Vulnerability Exposure (CVE) ID: CVE-2024-53863
Copyright (C) 2025 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.