Miggo Logo

CVE-2021-41281: Path traversal in Matrix Synapse

7.5

CVSS Score
3.1

Basic Information

EPSS Score
0.66906%
Published
11/23/2021
Updated
9/24/2024
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
matrix-synapsepip< 1.47.11.47.1

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stemmed from insufficient validation when constructing file paths from user-controlled inputs. Key evidence includes:

  1. The patch added _validate_path_component checks to all path-building methods in MediaFilePaths
  2. Server name validation was added to parse_media_id
  3. Pre-patch code directly used raw server_name/file_id in os.path.join without sanitization
  4. The CWE-22 classification confirms path traversal via uncontrolled path elements
  5. Commit message explicitly mentions preventing writes outside configured directories

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t Syn*ps* inst*n**s wit* t** m**i* r*pository *n**l** **n ** tri*k** into *ownlo**in* * *il* *rom * r*mot* s*rv*r into *n *r*itr*ry *ir**tory, pot*nti*lly outsi** t** m**i* stor* *ir**tory. T** l*st two *ir**tori*s *n* *il* n*m* o* t** p*t

Reasoning

T** vuln*r**ility st*mm** *rom insu**i*i*nt v*li**tion w**n *onstru*tin* *il* p*t*s *rom us*r-*ontroll** inputs. K*y *vi**n** in*lu**s: *. T** p*t** ***** _v*li**t*_p*t*_*ompon*nt ****ks to *ll p*t*-*uil*in* m*t*o*s in M**i**il*P*t*s *. S*rv*r n*m* v