How severe is CVE-2023-45129?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.9 out of 10.

What type of vulnerability is CVE-2023-45129?

This is classified as CWE-770, which is a common weakness in software security.

CVE-2023-45129 - MEDIUM Severity | CVSS 4.9

Vulnerability Description

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation (which presumably do not need to use server ACLs) are not affected. Server administrators are advised to upgrade to Synapse 1.94.0 or later. As a workaround, rooms with malicious server ACL events can be purged and blocked using the admin API.

Related Vulnerabilities

CVE-2021-22360

MEDIUM

CVSS:4.9(Medium)

There is a resource management error vulnerability in the verisions V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 of USG9500. An authentication attacker needs to perform specific operations ...

CWE-7702021

CVE-2021-28700

MEDIUM

CVSS:4.9(Medium)

xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit from them is not set...

CWE-7702021

CVE-2022-22488

MEDIUM

CVSS:4.9(Medium)

IBM OpenBMC OP910 and OP940 could allow a privileged user to cause a denial of service by uploading or deleting too many CA certificates in a short period of time. IBM X-Force ID: 2226337.

CWE-7702022

CVE-2023-22819

MEDIUM

CVSS:4.9(Medium)

An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stoppe...

CWE-7702023

CVE-2023-28107

MEDIUM

CVSS:4.9(Medium)

Discourse is an open-source discussion platform. Prior to version 3.0.2 of the `stable` branch and version 3.1.0.beta3 of the `beta` and `tests-passed` branches, a user logged as an administrator can ...

CWE-7702023

CVE-2023-29973

MEDIUM

CVSS:4.9(Medium)

Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating multiple malicious users in firewall.

CWE-7702023