{"id":"GHSA-gwf7-vfjf-wf6x","summary":"matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG","details":"An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID.","aliases":["CVE-2019-11842","PYSEC-2019-185"],"modified":"2024-09-30T20:38:01.214493Z","published":"2022-05-24T16:45:24Z","database_specific":{"github_reviewed_at":"2022-07-27T21:34:46Z","nvd_published_at":"2019-05-09T18:29:00Z","cwe_ids":["CWE-338"],"github_reviewed":true,"severity":"HIGH"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11842"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-gwf7-vfjf-wf6x"},{"type":"WEB","url":"https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2019-185.yaml"},{"type":"WEB","url":"https://matrix.org/blog/2019/05/03/security-updates-sydent-1-0-3-synapse-0-99-3-1-and-riot-android-0-9-0-0-8-99-0-8-28-a"}],"affected":[{"package":{"name":"matrix-sydent","ecosystem":"PyPI","purl":"pkg:pypi/matrix-sydent"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.3"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-gwf7-vfjf-wf6x/GHSA-gwf7-vfjf-wf6x.json"}},{"package":{"name":"matrix-synapse","ecosystem":"PyPI","purl":"pkg:pypi/matrix-synapse"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.99.3.1"}]}],"versions":["0.33.5","0.33.5.1","0.33.6","0.33.6rc1","0.33.7","0.33.7rc1","0.33.7rc2","0.33.8","0.33.8rc2","0.33.9","0.34.0","0.34.0.1","0.34.0rc1","0.34.0rc2","0.34.1.1","0.99.0","0.99.0rc1","0.99.0rc2","0.99.0rc3","0.99.0rc4","0.99.1","0.99.1.1","0.99.1rc1","0.99.1rc2","0.99.2","0.99.2rc1","0.99.3","0.99.3rc1"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-gwf7-vfjf-wf6x/GHSA-gwf7-vfjf-wf6x.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"}]}