How severe is CVE-2022-39335?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5 out of 10.

What type of vulnerability is CVE-2022-39335?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2022-39335 - MEDIUM Severity | CVSS 5

Vulnerability Description

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorization events in a room. This is necessary so that a homeserver receiving some events can validate that those events are legitimate and permitted in their room. However, in versions of Synapse up to and including 1.68.0, a Synapse homeserver answering a query for authorization events does not sufficiently check that the requesting server should be able to access them. The issue was patched in Synapse 1.69.0. Homeserver administrators are advised to upgrade.

Related Vulnerabilities

CVE-2015-2253

MEDIUM

CVSS:5.0(Medium)

The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document.

CWE-2002015

CVE-2016-0073

MEDIUM

CVSS:5.0(Medium)

The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an ...

CWE-2002016

CVE-2016-0079

MEDIUM

CVSS:5.0(Medium)

The kernel in Microsoft Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Win...

CWE-2002016

CVE-2016-3232

MEDIUM

CVSS:5.0(Medium)

The Virtual PCI (VPCI) virtual service provider in Microsoft Windows Server 2012 Gold and R2 allows local users to obtain sensitive information from uninitialized memory locations via a crafted applic...

CWE-2002016

CVE-2016-3256

MEDIUM

CVSS:5.0(Medium)

Microsoft Windows 10 Gold and 1511 allows local users to bypass the Secure Kernel Mode protection mechanism and obtain sensitive information via a crafted application, aka "Windows Secure Kernel Mode ...

CWE-2002016

CVE-2017-0282

MEDIUM

CVSS:5.0(Medium)

Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2...

CWE-2002017