csaf_opensuse - opensuse-su-2025:14704-1

opensuse-su-2025:14704-1

Vulnerability from csaf_opensuse

Published

2025-01-28 00:00

Modified

2025-01-28 00:00

Summary

govulncheck-vulndb-0.0.20250117T214834-1.1 on GA media

Notes

Title of the patch

govulncheck-vulndb-0.0.20250117T214834-1.1 on GA media

Description of the patch

These are all security issues fixed in the govulncheck-vulndb-0.0.20250117T214834-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2025-14704

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "govulncheck-vulndb-0.0.20250117T214834-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the govulncheck-vulndb-0.0.20250117T214834-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2025-14704",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14704-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-36402 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-36402/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-36403 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-36403/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-52594 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-52594/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-52602 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-52602/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-52791 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-52791/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-56515 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-56515/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-20086 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-20086/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-20088 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-20088/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-20621 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-20621/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21088 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21088/"
      }
    ],
    "title": "govulncheck-vulndb-0.0.20250117T214834-1.1 on GA media",
    "tracking": {
      "current_release_date": "2025-01-28T00:00:00Z",
      "generator": {
        "date": "2025-01-28T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2025:14704-1",
      "initial_release_date": "2025-01-28T00:00:00Z",
      "revision_history": [
        {
          "date": "2025-01-28T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "govulncheck-vulndb-0.0.20250117T214834-1.1.aarch64",
                "product": {
                  "name": "govulncheck-vulndb-0.0.20250117T214834-1.1.aarch64",
                  "product_id": "govulncheck-vulndb-0.0.20250117T214834-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "govulncheck-vulndb-0.0.20250117T214834-1.1.ppc64le",
                "product": {
                  "name": "govulncheck-vulndb-0.0.20250117T214834-1.1.ppc64le",
                  "product_id": "govulncheck-vulndb-0.0.20250117T214834-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "govulncheck-vulndb-0.0.20250117T214834-1.1.s390x",
                "product": {
                  "name": "govulncheck-vulndb-0.0.20250117T214834-1.1.s390x",
                  "product_id": "govulncheck-vulndb-0.0.20250117T214834-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "govulncheck-vulndb-0.0.20250117T214834-1.1.x86_64",
                "product": {
                  "name": "govulncheck-vulndb-0.0.20250117T214834-1.1.x86_64",
                  "product_id": "govulncheck-vulndb-0.0.20250117T214834-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "govulncheck-vulndb-0.0.20250117T214834-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.aarch64"
        },
        "product_reference": "govulncheck-vulndb-0.0.20250117T214834-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "govulncheck-vulndb-0.0.20250117T214834-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.ppc64le"
        },
        "product_reference": "govulncheck-vulndb-0.0.20250117T214834-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "govulncheck-vulndb-0.0.20250117T214834-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.s390x"
        },
        "product_reference": "govulncheck-vulndb-0.0.20250117T214834-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "govulncheck-vulndb-0.0.20250117T214834-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.x86_64"
        },
        "product_reference": "govulncheck-vulndb-0.0.20250117T214834-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-36402",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-36402"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the local homeserver in an unauthenticated way. The implication is that unauthenticated remote adversaries can use this functionality to plant problematic content into the media repository. MMR 1.3.5 introduces a partial mitigation in the form of new endpoints which require authentication for media downloads. The unauthenticated endpoints will be frozen in a future release, closing the attack vector. Though extremely limited, server operators can use more strict rate limits based on IP address as a partial workaround.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-36402",
          "url": "https://www.suse.com/security/cve/CVE-2024-36402"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-28T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-36402"
    },
    {
      "cve": "CVE-2024-36403",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-36403"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 is vulnerable to unbounded disk consumption, where an unauthenticated adversary can induce it to download and cache large amounts of remote media files. MMR\u0027s typical operating environment uses S3-like storage as a backend, with file-backed store as an alternative option. Instances using a file-backed store or those which self-host an S3 storage system are therefore vulnerable to a disk fill attack. Once the disk is full, authenticated users will be unable to upload new media, resulting in denial of service. For instances configured to use a cloud-based S3 storage option, this could result in high service fees instead of a denial of service. MMR 1.3.5 introduces a new default-on \"leaky bucket\" rate limit to reduce the amount of data a user can request at a time. This does not fully address the issue, but does limit an unauthenticated user\u0027s ability to request large amounts of data. Operators should note that the leaky bucket implementation introduced in MMR 1.3.5 requires the IP address associated with the request to be forwarded, to avoid mistakenly applying the rate limit to the reverse proxy instead. To avoid this issue, the reverse proxy should populate the X-Forwarded-For header when sending the request to MMR. Operators who cannot update may wish to lower the maximum file size they allow and implement harsh rate limits, though this can still lead to a large amount of data to be downloaded.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-36403",
          "url": "https://www.suse.com/security/cve/CVE-2024-36403"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-36403"
    },
    {
      "cve": "CVE-2024-52594",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-52594"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Gomatrixserverlib is a Go library for matrix federation. Gomatrixserverlib is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. The commit `c4f1e01` fixes this issue. Users are advised to upgrade. Users unable to upgrade should use a local firewall to limit the network segments and hosts the service using gomatrixserverlib can access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-52594",
          "url": "https://www.suse.com/security/cve/CVE-2024-52594"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-28T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-52594"
    },
    {
      "cve": "CVE-2024-52602",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-52602"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. Matrix Media Repo (MMR) is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This is fixed in MMR v1.3.8. Users are advised to upgrade. Restricting which hosts MMR is allowed to contact via (local) firewall rules or a transparent proxy and may provide a workaround for users unable to upgrade.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-52602",
          "url": "https://www.suse.com/security/cve/CVE-2024-52602"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-28T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-52602"
    },
    {
      "cve": "CVE-2024-52791",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-52791"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and exhaust available memory. This is fixed in MMR v1.3.8. Users are advised to upgrade. For users unable to upgrade; forward proxies can be configured to block requests to unsafe hosts. Alternatively, MMR processes can be configured with memory limits and auto-restart. Running multiple MMR processes concurrently can help ensure a restart does not overly impact users.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-52791",
          "url": "https://www.suse.com/security/cve/CVE-2024-52791"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-28T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-52791"
    },
    {
      "cve": "CVE-2024-56515",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-56515"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. If SVG or JPEGXL thumbnailers are enabled (they are disabled by default), a user may upload a file which claims to be either of these types and request a thumbnail to invoke a different decoder in ImageMagick. In some ImageMagick installations, this includes the capability to run Ghostscript to decode the image/file. If MP4 thumbnailers are enabled (also disabled by default), the same issue as above may occur with the ffmpeg installation instead. MMR uses a number of other decoders for all other file types when preparing thumbnails. Theoretical issues are possible with these decoders, however in testing they were not possible to exploit. This is fixed in MMR v1.3.8. MMR now inspects the mimetype of media prior to thumbnailing, and picks a thumbnailer based on those results instead of relying on user-supplied values. This may lead to fewer thumbnails when obscure file shapes are used. This also helps narrow scope of theoretical issues with all decoders MMR uses for thumbnails. Users are advised to upgrade. Users unable to upgrade may disable the SVG, JPEGXL, and MP4 thumbnail types in the MMR config which prevents the decoders from being invoked. Further disabling uncommon file types on the server is recommended to limit risk surface. Containers and other similar technologies may also be used to limit the impact of vulnerabilities in external decoders, like ImageMagick and ffmpeg. Some installations of ImageMagick may disable \"unsafe\" file types, like PDFs, already. This option can be replicated to other environments as needed. ffmpeg may be compiled with limited decoders/codecs. The Docker image for MMR disables PDFs and similar formats by default.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-56515",
          "url": "https://www.suse.com/security/cve/CVE-2024-56515"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-28T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-56515"
    },
    {
      "cve": "CVE-2025-20086",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-20086"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Mattermost versions 10.2.x \u003c= 10.2.0, 9.11.x \u003c= 9.11.5, 10.0.x \u003c= 10.0.3, 10.1.x \u003c= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-20086",
          "url": "https://www.suse.com/security/cve/CVE-2025-20086"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-28T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-20086"
    },
    {
      "cve": "CVE-2025-20088",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-20088"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Mattermost versions 10.2.x \u003c= 10.2.0, 9.11.x \u003c= 9.11.5, 10.0.x \u003c= 10.0.3, 10.1.x \u003c= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-20088",
          "url": "https://www.suse.com/security/cve/CVE-2025-20088"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-28T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-20088"
    },
    {
      "cve": "CVE-2025-20621",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-20621"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Mattermost versions 10.2.x \u003c= 10.2.0, 9.11.x \u003c= 9.11.5, 10.0.x \u003c= 10.0.3, 10.1.x \u003c= 10.1.3 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the webapp to crash via creating and sending such a post to a channel.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-20621",
          "url": "https://www.suse.com/security/cve/CVE-2025-20621"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-28T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-20621"
    },
    {
      "cve": "CVE-2025-21088",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21088"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Mattermost versions 10.2.x \u003c= 10.2.0, 9.11.x \u003c= 9.11.5, 10.0.x \u003c= 10.0.3, 10.1.x \u003c= 10.1.3 fail to properly validate the style of proto supplied to an action\u0027s style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21088",
          "url": "https://www.suse.com/security/cve/CVE-2025-21088"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250117T214834-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-01-28T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-21088"
    }
  ]
}

CVE-2025-21088 (GCVE-0-2025-21088)

Vulnerability from cvelistv5

Published

2025-01-15 15:51

Modified

2025-01-15 16:20

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-704 - Incorrect Type Conversion or Cast

Summary

Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input.

References

►

URL

Tags

https://mattermost.com/security-updates

Impacted products

	Vendor	Product	Version
	Mattermost	Mattermost	Version: 10.2.0 Version: 9.11.0 ≤ 9.11.5 Version: 10.0.0 ≤ 10.0.3 Version: 10.1.0 ≤ 10.1.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-21088",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-15T16:19:00.477273Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-15T16:20:11.778Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Mattermost",
          "vendor": "Mattermost",
          "versions": [
            {
              "status": "affected",
              "version": "10.2.0"
            },
            {
              "lessThanOrEqual": "9.11.5",
              "status": "affected",
              "version": "9.11.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.0.3",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.1.3",
              "status": "affected",
              "version": "10.1.0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "10.3.0"
            },
            {
              "status": "unaffected",
              "version": "10.2.1"
            },
            {
              "status": "unaffected",
              "version": "9.11.6"
            },
            {
              "status": "unaffected",
              "version": "10.0.4"
            },
            {
              "status": "unaffected",
              "version": "10.1.4"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "c0rydoras"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eMattermost versions 10.2.x \u0026lt;= 10.2.0, 9.11.x \u0026lt;= 9.11.5, 10.0.x \u0026lt;= 10.0.3, 10.1.x \u0026lt;= 10.1.3 fail to properly validate the style of proto supplied to an action\u0027s style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input.\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "Mattermost versions 10.2.x \u003c= 10.2.0, 9.11.x \u003c= 9.11.5, 10.0.x \u003c= 10.0.3, 10.1.x \u003c= 10.1.3 fail to properly validate the style of proto supplied to an action\u0027s style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-704",
              "description": "CWE-704: Incorrect Type Conversion or Cast",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-15T15:51:49.474Z",
        "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "shortName": "Mattermost"
      },
      "references": [
        {
          "url": "https://mattermost.com/security-updates"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eUpdate Mattermost to versions 10.3.0, 2.23.0, 10.2.1, 9.11.6, 10.0.4, 10.1.4 or higher.\u003c/p\u003e"
            }
          ],
          "value": "Update Mattermost to versions 10.3.0, 2.23.0, 10.2.1, 9.11.6, 10.0.4, 10.1.4 or higher."
        }
      ],
      "source": {
        "advisory": "MMSA-2024-00402",
        "defect": [
          "https://mattermost.atlassian.net/browse/MM-61709"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "WebApp crash via improper validation of proto style in attachments",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
    "assignerShortName": "Mattermost",
    "cveId": "CVE-2025-21088",
    "datePublished": "2025-01-15T15:51:49.474Z",
    "dateReserved": "2025-01-15T15:30:33.435Z",
    "dateUpdated": "2025-01-15T16:20:11.778Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-36403 (GCVE-0-2024-36403)

Vulnerability from cvelistv5

Published

2025-01-16 19:16

Modified

2025-02-12 20:31

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Summary

Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 is vulnerable to unbounded disk consumption, where an unauthenticated adversary can induce it to download and cache large amounts of remote media files. MMR's typical operating environment uses S3-like storage as a backend, with file-backed store as an alternative option. Instances using a file-backed store or those which self-host an S3 storage system are therefore vulnerable to a disk fill attack. Once the disk is full, authenticated users will be unable to upload new media, resulting in denial of service. For instances configured to use a cloud-based S3 storage option, this could result in high service fees instead of a denial of service. MMR 1.3.5 introduces a new default-on "leaky bucket" rate limit to reduce the amount of data a user can request at a time. This does not fully address the issue, but does limit an unauthenticated user's ability to request large amounts of data. Operators should note that the leaky bucket implementation introduced in MMR 1.3.5 requires the IP address associated with the request to be forwarded, to avoid mistakenly applying the rate limit to the reverse proxy instead. To avoid this issue, the reverse proxy should populate the X-Forwarded-For header when sending the request to MMR. Operators who cannot update may wish to lower the maximum file size they allow and implement harsh rate limits, though this can still lead to a large amount of data to be downloaded.

References

►

URL

Tags

	https://github.com/t2bot/matrix-media-repo/security/advisories/GHSA-vc2m-hw89-qjxf	x_refsource_CONFIRM
	https://en.wikipedia.org/wiki/Leaky_bucket#As_a_meter	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	t2bot	matrix-media-repo	Version: < 1.3.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36403",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-16T19:55:24.330220Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T20:31:21.408Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "matrix-media-repo",
          "vendor": "t2bot",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.3.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 is vulnerable to unbounded disk consumption, where an unauthenticated adversary can induce it to download and cache large amounts of remote media files. MMR\u0027s typical operating environment uses S3-like storage as a backend, with file-backed store as an alternative option. Instances using a file-backed store or those which self-host an S3 storage system are therefore vulnerable to a disk fill attack. Once the disk is full, authenticated users will be unable to upload new media, resulting in denial of service. For instances configured to use a cloud-based S3 storage option, this could result in high service fees instead of a denial of service. MMR 1.3.5 introduces a new default-on \"leaky bucket\" rate limit to reduce the amount of data a user can request at a time. This does not fully address the issue, but does limit an unauthenticated user\u0027s ability to request large amounts of data. Operators should note that the leaky bucket implementation introduced in MMR 1.3.5 requires the IP address associated with the request to be forwarded, to avoid mistakenly applying the rate limit to the reverse proxy instead. To avoid this issue, the reverse proxy should populate the X-Forwarded-For header when sending the request to MMR. Operators who cannot update may wish to lower the maximum file size they allow and implement harsh rate limits, though this can still lead to a large amount of data to be downloaded."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-16T19:16:07.419Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/t2bot/matrix-media-repo/security/advisories/GHSA-vc2m-hw89-qjxf",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/t2bot/matrix-media-repo/security/advisories/GHSA-vc2m-hw89-qjxf"
        },
        {
          "name": "https://en.wikipedia.org/wiki/Leaky_bucket#As_a_meter",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://en.wikipedia.org/wiki/Leaky_bucket#As_a_meter"
        }
      ],
      "source": {
        "advisory": "GHSA-vc2m-hw89-qjxf",
        "discovery": "UNKNOWN"
      },
      "title": "Denial of service/high operating costs through unauthenticated downloads in Matrix Media Repo"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-36403",
    "datePublished": "2025-01-16T19:16:07.419Z",
    "dateReserved": "2024-05-27T15:59:57.030Z",
    "dateUpdated": "2025-02-12T20:31:21.408Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-20086 (GCVE-0-2025-20086)

Vulnerability from cvelistv5

Published

2025-01-15 16:49

Modified

2025-02-12 20:31

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-1287 - Improper Validation of Specified Type of Input

Summary

Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.

References

►

URL

Tags

https://mattermost.com/security-updates

Impacted products

	Vendor	Product	Version
	Mattermost	Mattermost	Version: 10.2.0 ≤ Version: 9.11.0 ≤ 9.11.5 Version: 10.0.0 ≤ 10.0.3 Version: 10.1.0 ≤ 10.1.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20086",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-15T19:20:52.723585Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T20:31:20.302Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Mattermost",
          "vendor": "Mattermost",
          "versions": [
            {
              "status": "affected",
              "version": "10.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.11.5",
              "status": "affected",
              "version": "9.11.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.0.3",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.1.3",
              "status": "affected",
              "version": "10.1.0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "10.3.0"
            },
            {
              "status": "unaffected",
              "version": "10.2.1"
            },
            {
              "status": "unaffected",
              "version": "9.11.6"
            },
            {
              "status": "unaffected",
              "version": "10.0.4"
            },
            {
              "status": "unaffected",
              "version": "10.1.4"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "c0rydoras (c0rydoras)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eMattermost versions 10.2.x \u0026lt;= 10.2.0, 9.11.x \u0026lt;= 9.11.5, 10.0.x \u0026lt;= 10.0.3, 10.1.x \u0026lt;= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.\u003c/p\u003e"
            }
          ],
          "value": "Mattermost versions 10.2.x \u003c= 10.2.0, 9.11.x \u003c= 9.11.5, 10.0.x \u003c= 10.0.3, 10.1.x \u003c= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1287",
              "description": "CWE-1287: Improper Validation of Specified Type of Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-15T16:49:51.066Z",
        "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "shortName": "Mattermost"
      },
      "references": [
        {
          "url": "https://mattermost.com/security-updates"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eUpdate Mattermost to versions 10.3.0, 2.23.0, 10.2.1, 9.11.6, 10.0.4, 10.1.4 or higher.\u003c/p\u003e"
            }
          ],
          "value": "Update Mattermost to versions 10.3.0, 2.23.0, 10.2.1, 9.11.6, 10.0.4, 10.1.4 or higher."
        }
      ],
      "source": {
        "advisory": "MMSA-2025-00426",
        "defect": [
          "https://mattermost.atlassian.net/browse/MM-61376"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Insufficient Input Validation on Post Props",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
    "assignerShortName": "Mattermost",
    "cveId": "CVE-2025-20086",
    "datePublished": "2025-01-15T16:49:51.066Z",
    "dateReserved": "2025-01-14T00:19:35.055Z",
    "dateUpdated": "2025-02-12T20:31:20.302Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-56515 (GCVE-0-2024-56515)

Vulnerability from cvelistv5

Published

2025-01-16 19:11

Modified

2025-02-12 20:31

Severity ?

6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

CWE

CWE-502 - Deserialization of Untrusted Data

Summary

Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. If SVG or JPEGXL thumbnailers are enabled (they are disabled by default), a user may upload a file which claims to be either of these types and request a thumbnail to invoke a different decoder in ImageMagick. In some ImageMagick installations, this includes the capability to run Ghostscript to decode the image/file. If MP4 thumbnailers are enabled (also disabled by default), the same issue as above may occur with the ffmpeg installation instead. MMR uses a number of other decoders for all other file types when preparing thumbnails. Theoretical issues are possible with these decoders, however in testing they were not possible to exploit. This is fixed in MMR v1.3.8. MMR now inspects the mimetype of media prior to thumbnailing, and picks a thumbnailer based on those results instead of relying on user-supplied values. This may lead to fewer thumbnails when obscure file shapes are used. This also helps narrow scope of theoretical issues with all decoders MMR uses for thumbnails. Users are advised to upgrade. Users unable to upgrade may disable the SVG, JPEGXL, and MP4 thumbnail types in the MMR config which prevents the decoders from being invoked. Further disabling uncommon file types on the server is recommended to limit risk surface. Containers and other similar technologies may also be used to limit the impact of vulnerabilities in external decoders, like ImageMagick and ffmpeg. Some installations of ImageMagick may disable "unsafe" file types, like PDFs, already. This option can be replicated to other environments as needed. ffmpeg may be compiled with limited decoders/codecs. The Docker image for MMR disables PDFs and similar formats by default.

References

►

URL

Tags

	https://github.com/t2bot/matrix-media-repo/security/advisories/GHSA-rcxc-wjgw-579r	x_refsource_CONFIRM
	https://github.com/t2bot/matrix-media-repo/releases/tag/v1.3.8	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	t2bot	matrix-media-repo	Version: < 1.3.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-56515",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-16T20:10:20.442768Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T20:31:21.997Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "matrix-media-repo",
          "vendor": "t2bot",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.3.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. If SVG or JPEGXL thumbnailers are enabled (they are disabled by default), a user may upload a file which claims to be either of these types and request a thumbnail to invoke a different decoder in ImageMagick. In some ImageMagick installations, this includes the capability to run Ghostscript to decode the image/file. If MP4 thumbnailers are enabled (also disabled by default), the same issue as above may occur with the ffmpeg installation instead. MMR uses a number of other decoders for all other file types when preparing thumbnails. Theoretical issues are possible with these decoders, however in testing they were not possible to exploit. This is fixed in MMR v1.3.8. MMR now inspects the mimetype of media prior to thumbnailing, and picks a thumbnailer based on those results instead of relying on user-supplied values. This may lead to fewer thumbnails when obscure file shapes are used. This also helps narrow scope of theoretical issues with all decoders MMR uses for thumbnails. Users are advised to upgrade. Users unable to upgrade may disable the SVG, JPEGXL, and MP4 thumbnail types in the MMR config which prevents the decoders from being invoked. Further disabling uncommon file types on the server is recommended to limit risk surface. Containers and other similar technologies may also be used to limit the impact of vulnerabilities in external decoders, like ImageMagick and ffmpeg. Some installations of ImageMagick may disable \"unsafe\" file types, like PDFs, already. This option can be replicated to other environments as needed. ffmpeg may be compiled with limited decoders/codecs. The Docker image for MMR disables PDFs and similar formats by default."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502: Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-16T19:11:02.868Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/t2bot/matrix-media-repo/security/advisories/GHSA-rcxc-wjgw-579r",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/t2bot/matrix-media-repo/security/advisories/GHSA-rcxc-wjgw-579r"
        },
        {
          "name": "https://github.com/t2bot/matrix-media-repo/releases/tag/v1.3.8",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/t2bot/matrix-media-repo/releases/tag/v1.3.8"
        }
      ],
      "source": {
        "advisory": "GHSA-rcxc-wjgw-579r",
        "discovery": "UNKNOWN"
      },
      "title": "Untrusted file formats can be thumbnailed, invoking potentially further untrusted decoders in Matrix Media Repo"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-56515",
    "datePublished": "2025-01-16T19:11:02.868Z",
    "dateReserved": "2024-12-26T20:45:55.608Z",
    "dateUpdated": "2025-02-12T20:31:21.997Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-20088 (GCVE-0-2025-20088)

Vulnerability from cvelistv5

Published

2025-01-15 16:49

Modified

2025-02-12 20:31

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-1287 - Improper Validation of Specified Type of Input

Summary

References

►

URL

Tags

https://mattermost.com/security-updates

Impacted products

	Vendor	Product	Version
	Mattermost	Mattermost	Version: 10.2.0 ≤ Version: 9.11.0 ≤ 9.11.5 Version: 10.0.0 ≤ 10.0.3 Version: 10.1.0 ≤ 10.1.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20088",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-15T19:19:15.735224Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T20:31:20.164Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Mattermost",
          "vendor": "Mattermost",
          "versions": [
            {
              "status": "affected",
              "version": "10.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.11.5",
              "status": "affected",
              "version": "9.11.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.0.3",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.1.3",
              "status": "affected",
              "version": "10.1.0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "10.3.0"
            },
            {
              "status": "unaffected",
              "version": "10.2.1"
            },
            {
              "status": "unaffected",
              "version": "9.11.6"
            },
            {
              "status": "unaffected",
              "version": "10.0.4"
            },
            {
              "status": "unaffected",
              "version": "10.1.4"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "c0rydoras (c0rydoras)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eMattermost versions 10.2.x \u0026lt;= 10.2.0, 9.11.x \u0026lt;= 9.11.5, 10.0.x \u0026lt;= 10.0.3, 10.1.x \u0026lt;= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.\u003c/p\u003e"
            }
          ],
          "value": "Mattermost versions 10.2.x \u003c= 10.2.0, 9.11.x \u003c= 9.11.5, 10.0.x \u003c= 10.0.3, 10.1.x \u003c= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1287",
              "description": "CWE-1287: Improper Validation of Specified Type of Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-15T16:49:51.532Z",
        "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "shortName": "Mattermost"
      },
      "references": [
        {
          "url": "https://mattermost.com/security-updates"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eUpdate Mattermost to versions 10.3.0, 2.23.0, 10.2.1, 9.11.6, 10.0.4, 10.1.4 or higher.\u003c/p\u003e"
            }
          ],
          "value": "Update Mattermost to versions 10.3.0, 2.23.0, 10.2.1, 9.11.6, 10.0.4, 10.1.4 or higher."
        }
      ],
      "source": {
        "advisory": "MMSA-2025-00425",
        "defect": [
          "https://mattermost.atlassian.net/browse/MM-61378"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Insufficient Input Validation on Post Props",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
    "assignerShortName": "Mattermost",
    "cveId": "CVE-2025-20088",
    "datePublished": "2025-01-15T16:49:51.532Z",
    "dateReserved": "2025-01-14T00:19:35.032Z",
    "dateUpdated": "2025-02-12T20:31:20.164Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-52594 (GCVE-0-2024-52594)

Vulnerability from cvelistv5

Published

2025-01-16 18:57

Modified

2025-02-12 20:31

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-918 - Server-Side Request Forgery (SSRF)

Summary

Gomatrixserverlib is a Go library for matrix federation. Gomatrixserverlib is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. The commit `c4f1e01` fixes this issue. Users are advised to upgrade. Users unable to upgrade should use a local firewall to limit the network segments and hosts the service using gomatrixserverlib can access.

References

►

URL

Tags

	https://github.com/matrix-org/gomatrixserverlib/security/advisories/GHSA-4ff6-858j-r822	x_refsource_CONFIRM
	https://github.com/matrix-org/gomatrixserverlib/commit/c4f1e01eab0dd435709ad15463ed38a079ad6128	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	matrix-org	gomatrixserverlib	Version: < c4f1e01eab0dd435709ad15463ed38a079ad6128

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52594",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-16T19:17:09.755920Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T20:31:20.951Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "gomatrixserverlib",
          "vendor": "matrix-org",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c c4f1e01eab0dd435709ad15463ed38a079ad6128"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Gomatrixserverlib is a Go library for matrix federation. Gomatrixserverlib is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. The commit `c4f1e01` fixes this issue. Users are advised to upgrade. Users unable to upgrade should use a local firewall to limit the network segments and hosts the service using gomatrixserverlib can access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918: Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-16T18:57:29.333Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/matrix-org/gomatrixserverlib/security/advisories/GHSA-4ff6-858j-r822",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/matrix-org/gomatrixserverlib/security/advisories/GHSA-4ff6-858j-r822"
        },
        {
          "name": "https://github.com/matrix-org/gomatrixserverlib/commit/c4f1e01eab0dd435709ad15463ed38a079ad6128",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/matrix-org/gomatrixserverlib/commit/c4f1e01eab0dd435709ad15463ed38a079ad6128"
        }
      ],
      "source": {
        "advisory": "GHSA-4ff6-858j-r822",
        "discovery": "UNKNOWN"
      },
      "title": "Server-Side Request Forgery (SSRF) on redirects and federation in gomatrixserverlib"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-52594",
    "datePublished": "2025-01-16T18:57:29.333Z",
    "dateReserved": "2024-11-14T15:05:46.768Z",
    "dateUpdated": "2025-02-12T20:31:20.951Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-36402 (GCVE-0-2024-36402)

Vulnerability from cvelistv5

Published

2025-01-16 19:19

Modified

2025-02-12 20:31

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-287 - Improper Authentication

Summary

Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the local homeserver in an unauthenticated way. The implication is that unauthenticated remote adversaries can use this functionality to plant problematic content into the media repository. MMR 1.3.5 introduces a partial mitigation in the form of new endpoints which require authentication for media downloads. The unauthenticated endpoints will be frozen in a future release, closing the attack vector. Though extremely limited, server operators can use more strict rate limits based on IP address as a partial workaround.

References

►

URL

Tags

	https://github.com/t2bot/matrix-media-repo/security/advisories/GHSA-8vmr-h7h5-cqhg	x_refsource_CONFIRM
	https://github.com/matrix-org/matrix-spec-proposals/pull/3916	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	t2bot	matrix-media-repo	Version: < 1.3.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36402",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-16T19:52:36.257441Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T20:31:21.273Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "matrix-media-repo",
          "vendor": "t2bot",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.3.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the local homeserver in an unauthenticated way. The implication is that unauthenticated remote adversaries can use this functionality to plant problematic content into the media repository. MMR 1.3.5 introduces a partial mitigation in the form of new endpoints which require authentication for media downloads. The unauthenticated endpoints will be frozen in a future release, closing the attack vector. Though extremely limited, server operators can use more strict rate limits based on IP address as a partial workaround."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287: Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-16T19:19:19.373Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/t2bot/matrix-media-repo/security/advisories/GHSA-8vmr-h7h5-cqhg",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/t2bot/matrix-media-repo/security/advisories/GHSA-8vmr-h7h5-cqhg"
        },
        {
          "name": "https://github.com/matrix-org/matrix-spec-proposals/pull/3916",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/matrix-org/matrix-spec-proposals/pull/3916"
        }
      ],
      "source": {
        "advisory": "GHSA-8vmr-h7h5-cqhg",
        "discovery": "UNKNOWN"
      },
      "title": "Unauthenticated writes to the media repository allow planting of problematic content in Matrix Media Repo"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-36402",
    "datePublished": "2025-01-16T19:19:19.373Z",
    "dateReserved": "2024-05-27T15:59:57.030Z",
    "dateUpdated": "2025-02-12T20:31:21.273Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-20621 (GCVE-0-2025-20621)

Vulnerability from cvelistv5

Published

2025-01-16 18:16

Modified

2025-01-16 18:57

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-1287 - Improper Validation of Specified Type of Input

Summary

Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the webapp to crash via creating and sending such a post to a channel.

References

►

URL

Tags

https://mattermost.com/security-updates

Impacted products

	Vendor	Product	Version
	Mattermost	Mattermost	Version: 10.2.0 ≤ 10.2.0 Version: 9.11.0 ≤ 9.11.5 Version: 10.0.0 ≤ 10.0.3 Version: 10.1.0 ≤ 10.1.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20621",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-16T18:56:53.748130Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-16T18:57:02.927Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Mattermost",
          "vendor": "Mattermost",
          "versions": [
            {
              "lessThanOrEqual": "10.2.0",
              "status": "affected",
              "version": "10.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.11.5",
              "status": "affected",
              "version": "9.11.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.0.3",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.1.3",
              "status": "affected",
              "version": "10.1.0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "10.3.0"
            },
            {
              "status": "unaffected",
              "version": "2.23.0"
            },
            {
              "status": "unaffected",
              "version": "10.2.1"
            },
            {
              "status": "unaffected",
              "version": "9.11.6"
            },
            {
              "status": "unaffected",
              "version": "10.0.4"
            },
            {
              "status": "unaffected",
              "version": "10.1.4"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "c0rydoras (c0rydoras)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Mattermost versions 10.2.x \u0026lt;= 10.2.0, 9.11.x \u0026lt;= 9.11.5, 10.0.x \u0026lt;= 10.0.3, 10.1.x \u0026lt;= 10.1.3 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the webapp to crash via creating and sending such a post to a channel."
            }
          ],
          "value": "Mattermost versions 10.2.x \u003c= 10.2.0, 9.11.x \u003c= 9.11.5, 10.0.x \u003c= 10.0.3, 10.1.x \u003c= 10.1.3 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the webapp to crash via creating and sending such a post to a channel."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1287",
              "description": "CWE-1287: Improper Validation of Specified Type of Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-16T18:16:28.042Z",
        "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "shortName": "Mattermost"
      },
      "references": [
        {
          "url": "https://mattermost.com/security-updates"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eUpdate Mattermost to versions 10.3.0, 2.23.0, 10.2.1, 9.11.6, 10.0.4, 10.1.4 or higher.\u003c/p\u003e"
            }
          ],
          "value": "Update Mattermost to versions 10.3.0, 2.23.0, 10.2.1, 9.11.6, 10.0.4, 10.1.4 or higher."
        }
      ],
      "source": {
        "advisory": "MMSA-2024-00390",
        "defect": [
          "https://mattermost.atlassian.net/browse/MM-61161"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Webapp crash via object that can\u0027t be cast to String in Attachment Field",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
    "assignerShortName": "Mattermost",
    "cveId": "CVE-2025-20621",
    "datePublished": "2025-01-16T18:16:28.042Z",
    "dateReserved": "2025-01-16T18:10:41.926Z",
    "dateUpdated": "2025-01-16T18:57:02.927Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-52791 (GCVE-0-2024-52791)

Vulnerability from cvelistv5

Published

2025-01-16 19:12

Modified

2025-02-12 20:31

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-789 - Memory Allocation with Excessive Size Value

Summary

Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and exhaust available memory. This is fixed in MMR v1.3.8. Users are advised to upgrade. For users unable to upgrade; forward proxies can be configured to block requests to unsafe hosts. Alternatively, MMR processes can be configured with memory limits and auto-restart. Running multiple MMR processes concurrently can help ensure a restart does not overly impact users.

References

►

URL

Tags

	https://github.com/t2bot/matrix-media-repo/security/advisories/GHSA-gp86-q8hg-fpxj	x_refsource_CONFIRM
	https://github.com/t2bot/matrix-media-repo/releases/tag/v1.3.8	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	t2bot	matrix-media-repo	Version: < 1.3.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52791",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-16T19:58:44.951492Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T20:31:21.849Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "matrix-media-repo",
          "vendor": "t2bot",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.3.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and exhaust available memory. This is fixed in MMR v1.3.8. Users are advised to upgrade. For users unable to upgrade; forward proxies can be configured to block requests to unsafe hosts. Alternatively, MMR processes can be configured with memory limits and auto-restart. Running multiple MMR processes concurrently can help ensure a restart does not overly impact users."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-789",
              "description": "CWE-789: Memory Allocation with Excessive Size Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-16T19:12:25.853Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/t2bot/matrix-media-repo/security/advisories/GHSA-gp86-q8hg-fpxj",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/t2bot/matrix-media-repo/security/advisories/GHSA-gp86-q8hg-fpxj"
        },
        {
          "name": "https://github.com/t2bot/matrix-media-repo/releases/tag/v1.3.8",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/t2bot/matrix-media-repo/releases/tag/v1.3.8"
        }
      ],
      "source": {
        "advisory": "GHSA-gp86-q8hg-fpxj",
        "discovery": "UNKNOWN"
      },
      "title": "Denial of service through memory exhaustion in Matrix Media Repo"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-52791",
    "datePublished": "2025-01-16T19:12:25.853Z",
    "dateReserved": "2024-11-15T17:11:13.438Z",
    "dateUpdated": "2025-02-12T20:31:21.849Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-52602 (GCVE-0-2024-52602)

Vulnerability from cvelistv5

Published

2025-01-16 19:14

Modified

2025-02-12 20:31

Severity ?

5.0 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

CWE

CWE-918 - Server-Side Request Forgery (SSRF)

Summary

Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. Matrix Media Repo (MMR) is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This is fixed in MMR v1.3.8. Users are advised to upgrade. Restricting which hosts MMR is allowed to contact via (local) firewall rules or a transparent proxy and may provide a workaround for users unable to upgrade.

References

►

URL

Tags

	https://github.com/t2bot/matrix-media-repo/security/advisories/GHSA-r6jg-jfv6-2fjv	x_refsource_CONFIRM
	https://github.com/t2bot/matrix-media-repo/releases/tag/v1.3.8	x_refsource_MISC
	https://learn.snyk.io/lesson/ssrf-server-side-request-forgery	x_refsource_MISC
	https://owasp.org/www-community/attacks/Server_Side_Request_Forgery	x_refsource_MISC
	https://www.agwa.name/blog/post/preventing_server_side_request_forgery_in_golang	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	t2bot	matrix-media-repo	Version: < 1.3.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52602",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-16T19:56:56.495913Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T20:31:21.571Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "matrix-media-repo",
          "vendor": "t2bot",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.3.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. Matrix Media Repo (MMR) is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This is fixed in MMR v1.3.8. Users are advised to upgrade. Restricting which hosts MMR is allowed to contact via (local) firewall rules or a transparent proxy and may provide a workaround for users unable to upgrade."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918: Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-16T19:14:46.822Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/t2bot/matrix-media-repo/security/advisories/GHSA-r6jg-jfv6-2fjv",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/t2bot/matrix-media-repo/security/advisories/GHSA-r6jg-jfv6-2fjv"
        },
        {
          "name": "https://github.com/t2bot/matrix-media-repo/releases/tag/v1.3.8",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/t2bot/matrix-media-repo/releases/tag/v1.3.8"
        },
        {
          "name": "https://learn.snyk.io/lesson/ssrf-server-side-request-forgery",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://learn.snyk.io/lesson/ssrf-server-side-request-forgery"
        },
        {
          "name": "https://owasp.org/www-community/attacks/Server_Side_Request_Forgery",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://owasp.org/www-community/attacks/Server_Side_Request_Forgery"
        },
        {
          "name": "https://www.agwa.name/blog/post/preventing_server_side_request_forgery_in_golang",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.agwa.name/blog/post/preventing_server_side_request_forgery_in_golang"
        }
      ],
      "source": {
        "advisory": "GHSA-r6jg-jfv6-2fjv",
        "discovery": "UNKNOWN"
      },
      "title": "Server-Side Request Forgery (SSRF) on redirects and federation in Matrix Media Repo"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-52602",
    "datePublished": "2025-01-16T19:14:46.822Z",
    "dateReserved": "2024-11-14T15:05:46.771Z",
    "dateUpdated": "2025-02-12T20:31:21.571Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

opensuse-su-2025:14704-1

Vulnerability from csaf_opensuse

CVE-2025-21088 (GCVE-0-2025-21088)

Vulnerability from cvelistv5

CVE-2024-36403 (GCVE-0-2024-36403)

Vulnerability from cvelistv5

CVE-2025-20086 (GCVE-0-2025-20086)

Vulnerability from cvelistv5

CVE-2024-56515 (GCVE-0-2024-56515)

Vulnerability from cvelistv5

CVE-2025-20088 (GCVE-0-2025-20088)

Vulnerability from cvelistv5

CVE-2024-52594 (GCVE-0-2024-52594)

Vulnerability from cvelistv5

CVE-2024-36402 (GCVE-0-2024-36402)

Vulnerability from cvelistv5

CVE-2025-20621 (GCVE-0-2025-20621)

Vulnerability from cvelistv5

CVE-2024-52791 (GCVE-0-2024-52791)

Vulnerability from cvelistv5

CVE-2024-52602 (GCVE-0-2024-52602)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature