Vulnerability disclosure: Hijacking Synapse's port 8008 after triggering systemd-oomd with a Synapse memory leak #172
This security vulnerability has been fixed and was not known to have been exploited.
This vulnerability was reported by @ersei in a private email:
The vulnerability was not as serious as Ersei suggested and an attacker using this would not have been able to get root access, although they could probably still steal Matrix credentials. The attack would be obvious and noticeable, so we're very confident that no one ever carried it out. This was my response:
For disclosing future vulnerabilities, Gitea will get a private issues feature soon, so you can use that, or send an email to help@exozy.me.
@ersei I looked at the Synapse 1.64 release log, and it said that the memory leak is in frozendict, not Synapse itself. Since we updated frozendict to a non-vulnerable version on August 23, I doubt that you could have hijacked the Synapse port even if we hadn't updated Synapse to 1.64.