5 matches found
CVE-2024-39691
matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The fix for GHSA-wm4w-7h2q-3pf7 / CVE-2024-32000 included in matrix-appservice-irc 2.0.0 relied on the Matrix homeserver-provided timestamp to determine whether a user has access to the event they're replying to when...
CVE-2024-39691
creationtimestamp| type| source ---|---|--- 2024-07-05 22:06:55+00:00| seen| https://t.me/cvedetector/128...
CVE-2024-39691 Malicious Matrix homeserver can leak truncated message content of messages it shouldn't have access to
matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The fix for GHSA-wm4w-7h2q-3pf7 / CVE-2024-32000 included in matrix-appservice-irc 2.0.0 relied on the Matrix homeserver-provided timestamp to determine whether a user has access to the event they're replying to when...
CVE-2024-39691 Malicious Matrix homeserver can leak truncated message content of messages it shouldn't have access to
matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The fix for GHSA-wm4w-7h2q-3pf7 / CVE-2024-32000 included in matrix-appservice-irc 2.0.0 relied on the Matrix homeserver-provided timestamp to determine whether a user has access to the event they're replying to when...
CVE-2024-39691
CVE-2024-39691 affects matrix-appservice-irc, a Node.js IRC bridge for Matrix. Before version 2.0.1, the bridge used the Matrix homeserver-provided timestamp (origin_server_ts) to decide if a user could see the event being replied to. A malicious homeserver could fabricate this timestamp, causing...