Filtered by vendor Continuwuity
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-68667 | 1 Continuwuity | 1 Continuwuity | 2025-12-24 | N/A |
| continuwuity is a Matrix homeserver written in Rust. Prior to version 0.5.0, this vulnerability allows a remote, unauthenticated attacker to force the target server to cryptographically sign arbitrary membership events. The flaw exists because the server fails to validate the origin of a signing request, provided the event's state_key is a valid user ID belonging to the target server. This issue has been patched in version 0.5.0. A workaround for this issue involves blocking access to the PUT /_matrix/federation/v2/invite/{roomId}/{eventId} endpoint using the reverse proxy. | ||||
Page 1 of 1.