CVE-2024-53867
📋 TL;DR
This vulnerability in Synapse's Sliding Sync feature (the MSC3575-based sync endpoint) lets a user who has left a room keep receiving partial room state updates for that room, exposing configuration changes made after they left. It affects Synapse homeservers running versions 1.113.0rc1 through 1.120.0 and is fixed in 1.120.1. Only room state events (such as power level changes) are leaked, not message content.
💻 Affected Systems
- Synapse (Matrix homeserver)
⚠️ Manual Verification Required
Automated scanners that key on vendor-published version ranges may not flag this CVE if their feed lacks them, even though the vendor advisory gives a precise range (1.113.0rc1 through 1.120.0). Verify manually:
- Review the CVE details at NVD
- Check the vendor advisory (GHSA-56w4-5538-8v8h) for the affected range and compare it with your running version
- Confirm whether Sliding Sync is enabled on your deployment, since the leak is only reachable through that endpoint
- Update to 1.120.1 or later
⚠️ Risk & Real-World Impact
Worst Case
Former room members could monitor sensitive administrative changes like permission modifications, room encryption settings, or room metadata changes after leaving.
Likely Case
Limited information disclosure where former members see minor room configuration changes they shouldn't have access to.
If Mitigated
With the patch applied or Sliding Sync disabled, departed users receive nothing. Even unmitigated, the exposure is limited to partial state changes: no message content and no full room history.
🎯 Exploit Status
Exploitation requires: 1) Sliding Sync enabled on the homeserver, 2) a user who has left a room, 3) room state changes occurring after that user's departure. No exploit tooling is needed beyond a client that continues to use Sliding Sync after the user leaves.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.120.1
Vendor Advisory: https://github.com/element-hq/synapse/security/advisories/GHSA-56w4-5538-8v8h
Restart Required: Yes
Instructions:
1. Back up your Synapse configuration and database.
2. Update Synapse to version 1.120.1 or later using your package manager, pip, or container image.
3. Restart the Synapse service (and any worker processes).
4. Verify the update was successful by checking the running version.
🔧 Temporary Workarounds
Disable Sliding Sync
Temporarily disable the Sliding Sync feature until patching is possible.
Edit the Synapse config: Sliding Sync was introduced behind an entry under 'experimental_features' (the MSC3575 flag); check the configuration reference for your exact release for the key name, because a release that enables Sliding Sync by default may expose no toggle. If there is no toggle, block the Sliding Sync endpoint (/_matrix/client/unstable/org.matrix.simplified_msc3575/sync; confirm the path against your release) at the reverse proxy instead.
Restart the Synapse service.
🧯 If You Can't Patch
- Disable Sliding Sync in the configuration, or block its endpoint at the reverse proxy where your release has no toggle
- Audit room membership changes alongside state changes: a departed member's Sliding Sync polling is normal client behaviour and looks no different in request logs, so correlate it with state changes made after the departure
🔍 How to Verify
Check if Vulnerable:
Check Synapse version: if it is between 1.113.0rc1 and 1.120.0 (inclusive) and Sliding Sync is enabled, you are vulnerable.
Check Version:
Run: python -c "import synapse; print(synapse.__version__)" from the Synapse virtualenv, or python -m synapse.app.homeserver --version. The running version is also reported by the admin API at /_synapse/admin/v1/server_version and in the Server response header (Synapse/x.y.z).
Verify Fix Applied:
Verify the running Synapse version is 1.120.1 or later and that Sliding Sync clients still sync normally.
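The version comparison above is easy to get wrong by hand because release candidates (1.113.0rc1 is the first affected build) sort before their final release. The following script is an added example, not part of this page or of the Synapse project: it parses Synapse version strings with correct rc ordering and classifies them against the advisory's range, and can optionally read the running version from the admin API's server_version endpoint (assumed reachable without an access token on your deployment; add an Authorization header if yours requires one).

```python
import json
import re
import sys
import urllib.request

# Boundaries of the affected range from the vendor advisory (GHSA-56w4-5538-8v8h).
FIRST_AFFECTED = "1.113.0rc1"
FIXED = "1.120.1"

# Synapse version strings look like "1.120.0" or "1.120.0rc2" (optionally "v"-prefixed in tags).
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:rc(\d+))?$")


def version_key(version: str) -> tuple:
    """Sortable key for a Synapse version; a release candidate sorts before its final release."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Synapse version string: {version!r}")
    major, minor, patch, rc = m.groups()
    # (0, n) for rcN, (1, 0) for the final release, so 1.120.0rc2 < 1.120.0.
    rc_rank = (0, int(rc)) if rc is not None else (1, 0)
    return (int(major), int(minor), int(patch)) + rc_rank


def assess(version: str) -> str:
    """Classify a version as 'unaffected' (predates the bug), 'vulnerable', or 'fixed'.

    Anything at or above 1.113.0rc1 but below 1.120.1 is treated as vulnerable, which is
    deliberately conservative for any pre-release build of 1.120.1.
    """
    key = version_key(version)
    if key < version_key(FIRST_AFFECTED):
        return "unaffected"
    if key < version_key(FIXED):
        return "vulnerable"
    return "fixed"


def version_from_server_header(header_value: str) -> str:
    """Extract the version from a 'Server: Synapse/1.120.1' response header value."""
    m = re.search(r"Synapse/(\S+)", header_value)
    if not m:
        raise ValueError(f"not a Synapse Server header: {header_value!r}")
    return m.group(1)


def fetch_running_version(base_url: str) -> str:
    """Read the running version from the admin API (network access required)."""
    url = base_url.rstrip("/") + "/_synapse/admin/v1/server_version"
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)["server_version"]


if __name__ == "__main__":
    # Usage: python check.py 1.120.0   or   python check.py https://matrix.example.org
    arg = sys.argv[1] if len(sys.argv) > 1 else "1.120.0"
    running = fetch_running_version(arg) if arg.startswith("http") else arg
    print(f"Synapse {running}: {assess(running)} for CVE-2024-53867")
```

The version check alone says whether the code path is present; pair it with a check that Sliding Sync is actually enabled (or blocked at the proxy) before concluding a host is exposed.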
📡 Detection & Monitoring
Log Indicators:
- Sliding Sync requests (POSTs to the Sliding Sync endpoint) from a user after that user's leave event in a room that subsequently had state changes. A client continuing to poll after leaving one room is normal, so the indicator is the correlation with post-departure state changes in that room, not the request itself.
- Room state changes (power levels, encryption, name, topic) followed by Sliding Sync responses to departed members. A vulnerable server does not log what it included in a response, so the exposure can only be inferred from timing.
Network Indicators:
- None reliable: the leak rides on ordinary authenticated sync polling over TLS, and traffic volume does not change with room membership.
SIEM Query:
Pseudo-query, to adapt to your SIEM. Synapse request logs record the endpoint path and the authenticated user in braces, not the string "sliding_sync":
source="synapse" AND path="/_matrix/client/unstable/org.matrix.simplified_msc3575/sync" | join user_id against a lookup of users whose latest membership in a room is leave, keeping rows where that room had state events after the leave timestamp and the request time is after the state event
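Because the correlation above spans three sources (membership changes, state changes, and request logs), it is clearer as code than as a single SIEM line. The script below is an added example, not part of this page or of the Synapse project. The access log lines, membership records and state events are constructed to resemble Synapse's data rather than taken from a real server; the endpoint path is the unstable Sliding Sync path used by affected releases (confirm it against your version), and the regex assumes the default Synapse request log format, so adjust it if your log layout differs.

```python
import re
from datetime import datetime

# Assumption: the unstable Sliding Sync endpoint path served by the affected releases.
SLIDING_SYNC_PATH = "/_matrix/client/unstable/org.matrix.simplified_msc3575/sync"

# Matches the shape of Synapse's request log line: timestamp, "{@user:server}" and the
# quoted request line. Adjust if your deployment uses a custom log format.
ACCESS_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+ .*?\{(?P<user>@[^}]+)\} .*?"
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"'
)


def _t(s: str) -> datetime:
    return datetime.fromisoformat(s)


# Constructed sample data (not real server records).
MEMBERSHIP = [
    {"ts": _t("2024-12-03 09:00:00"), "room_id": "!ops:example.org", "user_id": "@alice:example.org", "membership": "join"},
    {"ts": _t("2024-12-03 09:00:00"), "room_id": "!ops:example.org", "user_id": "@mallory:example.org", "membership": "join"},
    {"ts": _t("2024-12-03 10:00:00"), "room_id": "!ops:example.org", "user_id": "@mallory:example.org", "membership": "leave"},
]
STATE_CHANGES = [
    {"ts": _t("2024-12-03 10:30:00"), "room_id": "!ops:example.org", "type": "m.room.power_levels", "sender": "@alice:example.org"},
    {"ts": _t("2024-12-03 09:30:00"), "room_id": "!ops:example.org", "type": "m.room.name", "sender": "@alice:example.org"},
]
ACCESS_LOG = [
    '2024-12-03 10:31:05,210 - synapse.access.http.8008 - 473 - INFO - POST-7 - 10.0.0.5 - 8008 - {@mallory:example.org} Processed request: 0.004sec/0.001sec (0.001sec, 0.000sec) (0.000sec/0.001sec/1) 640B 200 "POST /_matrix/client/unstable/org.matrix.simplified_msc3575/sync?pos=12&timeout=30000 HTTP/1.1" "Element/1.11" [0 dbevts]',
    '2024-12-03 10:31:06,002 - synapse.access.http.8008 - 473 - INFO - POST-8 - 10.0.0.6 - 8008 - {@alice:example.org} Processed request: 0.003sec/0.001sec (0.001sec, 0.000sec) (0.000sec/0.001sec/1) 512B 200 "POST /_matrix/client/unstable/org.matrix.simplified_msc3575/sync?pos=44 HTTP/1.1" "Element/1.11" [0 dbevts]',
    '2024-12-03 10:05:00,000 - synapse.access.http.8008 - 473 - INFO - GET-5 - 10.0.0.5 - 8008 - {@mallory:example.org} Processed request: 0.002sec/0.001sec (0.001sec, 0.000sec) (0.000sec/0.001sec/1) 300B 200 "GET /_matrix/client/v3/sync?since=s1 HTTP/1.1" "Element/1.11" [0 dbevts]',
]


def parse_access_line(line: str):
    """Return {ts, user, path} for a Synapse request log line, or None if it does not match."""
    m = ACCESS_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
        "user": m.group("user"),
        "path": m.group("path").split("?", 1)[0],  # drop the query string (pos=, timeout=)
    }


def departed_users(membership_events):
    """Return {(room_id, user_id): leave_time} for users whose latest membership is 'leave'."""
    left = {}
    for ev in sorted(membership_events, key=lambda e: e["ts"]):
        key = (ev["room_id"], ev["user_id"])
        if ev["membership"] == "leave":
            left[key] = ev["ts"]
        else:
            left.pop(key, None)  # a later join or invite cancels the departure
    return left


def find_exposure_candidates(membership_events, state_events, access_lines):
    """Flag (departed user, room, state change) triples where the user polled Sliding Sync
    after a state change that happened after they left; on a vulnerable server that poll is
    the window in which the changed state could have been returned to them."""
    left = departed_users(membership_events)
    polls = [r for r in map(parse_access_line, access_lines) if r and r["path"] == SLIDING_SYNC_PATH]
    findings = []
    for ev in state_events:
        for (room_id, user_id), left_at in left.items():
            if room_id != ev["room_id"] or ev["ts"] <= left_at:
                continue  # different room, or the change predates the departure
            later = [p["ts"] for p in polls if p["user"] == user_id and p["ts"] >= ev["ts"]]
            if later:
                findings.append({
                    "user": user_id,
                    "room": room_id,
                    "state_type": ev["type"],
                    "changed_at": ev["ts"],
                    "first_poll_after": min(later),
                })
    return findings


if __name__ == "__main__":
    for f in find_exposure_candidates(MEMBERSHIP, STATE_CHANGES, ACCESS_LOG):
        print(f"{f['user']} left {f['room']} but polled Sliding Sync at {f['first_poll_after']} "
              f"after a {f['state_type']} change at {f['changed_at']}")
```

On the sample data only @mallory:example.org is flagged, for the m.room.power_levels change made after they left; the earlier m.room.name change and the /v3/sync request are correctly ignored. A finding is a candidate, not proof: it marks where a vulnerable server could have leaked state, which is the most a log-only method can establish.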