Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2021-41281

HIGH
Published 2021-11-23T19:15:18
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2021-41281. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
7.5
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14
0.005
probability
of exploitation in the wild

There is a 0.5% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.669
Higher than 66.9% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED

Impact Metrics

Confidentiality
NONE
Integrity
HIGH
Availability
NONE

Description

Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. The last 2 directories and file name of the path are chosen randomly by Synapse and cannot be controlled by an attacker, which limits the impact. Homeservers with the media repository disabled are unaffected. Homeservers with a federation whitelist are also unaffected, since Synapse will check the remote hostname, including the trailing `../`s, against the whitelist. Server administrators should upgrade to 1.47.1 or later. Server administrators using a reverse proxy could, at the expense of losing media functionality, may block the certain endpoints as a workaround. Alternatively, non-containerized deployments can be adapted to use the hardened systemd config.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

matrix-org

synapse

Affected Versions:

< 1.47.1

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed HIGH

Path traversal in Matrix Synapse

GHSA-3hfw-x7gx-437c

Advisory Details

### Impact Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory, potentially outside the media store directory. The last two directories and file name of the path are chosen randomly by Synapse and cannot be controlled by an attacker, which limits the impact. Homeservers with the media repository disabled are unaffected. Homeservers configured with a federation whitelist are also unaffected. ### Patches Server administrators should upgrade to 1.47.1 or later. ### Workarounds Server administrators using a reverse proxy could, at the expense of losing media functionality, block the following endpoints: * `/_matrix/media/r0/download/{serverName}/{mediaId}` * `/_matrix/media/r0/download/{serverName}/{mediaId}/{fileName}` * `/_matrix/media/r0/thumbnail/{serverName}/{mediaId}` Alternatively, non-containerized deployments can be adapted to use the hardened systemd config, located at `contrib/systemd/override-hardened.conf`. ### References n/a ### For more information If you have any questions or comments about this advisory, e-mail us at [email protected].

Affected Packages

PyPI matrix-synapse
ECOSYSTEM: ≥0 <1.47.1

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References

WEB https://github.com/matrix-org/synapse/security/advisories/GHSA-3hfw-x7gx-437c
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-41281
WEB https://github.com/matrix-org/synapse/commit/91f2bd090
PACKAGE https://github.com/matrix-org/synapse
WEB https://github.com/matrix-org/synapse/releases/tag/v1.47.1
WEB https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-436.yaml
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/EU7QRE55U4IUEDLKT5IYPWL3UXMELFAS
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/N3WY56LCEZ4ZECLWV5KMAXF2PSMUB4F2

Advisory provided by GitHub Security Advisory Database. Published: November 23, 2021, Modified: September 24, 2024

References

https://github.com/matrix-org/synapse/security/advisories/GHSA-3hfw-x7gx-437c
https://github.com/matrix-org/synapse/commit/91f2bd090
https://github.com/matrix-org/synapse/releases/tag/v1.47.1
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N3WY56LCEZ4ZECLWV5KMAXF2PSMUB4F2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EU7QRE55U4IUEDLKT5IYPWL3UXMELFAS/
Published: 2021-11-23T19:15:18
Last Modified: 2024-08-04T03:08:31.942Z
Copied to clipboard!