Severity: Medium
Date : 2021-06-22
CVE-ID : CVE-2021-32659
Package : matrix-appservice-irc
Type : insufficient validation
Remote : Yes
Link : https://security.archlinux.org/AVG-2076
The package matrix-appservice-irc before version 0.27.0-1 is vulnerable
to insufficient validation.
Upgrade to 0.27.0-1.
The problem has been fixed upstream in version 0.27.0.
As a workaround, disabling the automatic room upgrade handling can be
done by removing the roomUpgradeOpts
key from the Bridge
class
options.
In versions 2.6.0 and earlier of matrix-appservice-bridge, as included
in matrix-appservice-irc before version 0.27.0, if a bridge has room
upgrade handling turned on in the configuration (the roomUpgradeOpts
key when instantiating a new Bridge
instance.), any
m.room.tombstone
event it encounters will be used to unbridge the
current room and bridge into the target room. However, the target room
m.room.create
event is not checked to verify if the predecessor
field contains the previous room. This means that any malicious admin
of a bridged room can repoint the traffic to a different room without
the new room being aware. Versions 2.6.1 and greater are patched. As a
workaround, disabling the automatic room upgrade handling can be done
by removing the roomUpgradeOpts
key from the Bridge
class options.
A malicious admin of a bridged room can repoint the traffic to a
different room without the new room being aware.
https://github.com/matrix-org/matrix-appservice-bridge/security/advisories/GHSA-35g4-qx3c-vjhx
https://github.com/matrix-org/matrix-appservice-irc/releases/tag/0.27.0
https://github.com/matrix-org/matrix-appservice-bridge/pull/330
https://github.com/matrix-org/matrix-appservice-bridge/commit/b69e745584a34fcfd858df33e4631e420da07b9f
https://security.archlinux.org/CVE-2021-32659
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ArchLinux | any | any | matrix-appservice-irc | < 0.27.0-1 | UNKNOWN |
github.com/matrix-org/matrix-appservice-bridge/commit/b69e745584a34fcfd858df33e4631e420da07b9f
github.com/matrix-org/matrix-appservice-bridge/pull/330
github.com/matrix-org/matrix-appservice-bridge/security/advisories/GHSA-35g4-qx3c-vjhx
github.com/matrix-org/matrix-appservice-irc/releases/tag/0.27.0
security.archlinux.org/AVG-2076
security.archlinux.org/CVE-2021-32659