URL Redirection to Untrusted Site ('Open Redirect')

CVE-2021-21392

Medium

6.3/10

Summary

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0.rc1 requests to user provided domains were not restricted to external IP addresses when transitional IPv6 addresses were used. Outbound requests to federation, identity servers, when calculating the key validity for third-party invite events, sending push notifications, and generating URL previews are affected. This could cause Synapse to make requests to internal infrastructure on dual-stack networks. See referenced GitHub security advisory for details and workarounds.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: LOW
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-601 - Open Redirect

An open redirect attack employs a URL parameter, HTML refresh tags, or a DOM based location change to exploit the trust of a vulnerable domain to direct the users to a malicious website. The attack could lead to higher severity vulnerabilities such as unauthorized access control, account takeover, XSS, and more.

References

Advisory Timeline

Published Apr 12, 2021

URL Redirection to Untrusted Site ('Open Redirect')

CVE-2021-21392

Summary

CWE-601 - Open Redirect

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS