FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

dendrite -- Incorrect parsing of the event default power level in event auth

Affected packages
dendrite < 0.9.3


VuXML ID d658042c-1c98-11ed-95f8-901b0e9408dc
Discovery 2022-08-15
Entry 2022-08-15
Modified 2022-08-25

Dendrite team reports:

The power level parsing within gomatrixserverlib was failing to parse the "events_default" key of the event, defaulting the event default power level to zero in all cases.

In rooms where the "events_default" power level had been changed, this could result in events either being incorrectly authorised or rejected by Dendrite servers.


CVE Name CVE-2022-36009