Incorrect Event Visibility Rules in Matrix Synapse Federation API

Incorrect Event Visibility Rules in Matrix Synapse Federation API

CVE-2018-12291 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied correctly.

Learn more about our Api Penetration Testing.