Lucene search

3662 matches found

Github Security Blog
added 2022/09/15 3:26 a.m., 34 views

Parsing issue in matrix-org/node-irc leading to room takeovers

Impact Attackers can specify a specific string of characters, which would confuse the bridge into combining an attacker-owned channel and an existing channel, allowing them to grant themselves permissions in the channel. Patched The vulnerability has been patched in matrix-appservice-irc 0.35.0...

CVSS 8.8, AI score 8.3, EPSS 0.00717
Exploits 0, References 4, Affected Software 1

Veracode
added 2022/09/14 8:57 a.m., 17 views

Privilege Escalation

matrix-appservice-irc is vulnerable to privilege escalation. The vulnerability exists in the DEFAULTCONFIG function in IrcServer.ts due to improper validation of user rights, allowing an attacker to elevate privileges...

CVSS 6.3, AI score 6.2, EPSS 0.00681
Exploits 0, References 5, Affected Software 1

NVD
added 2022/09/13 6:15 p.m., 57 views

CVE-2022-39202

matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. The Internet Relay Chat (IRC) protocol allows you to specify multiple modes in a single mode command. Due to a bug in the underlying matrix-org/node-irc library, affected versions of matrix-appservice-irc perform parsing of such...

CVSS 6.3, EPSS 0.00681
Exploits 0, References 3

Vulnrichment
added 2022/09/13 6:15 p.m., 7 views

CVE-2022-39203 Parsing issue in matrix-org/node-irc leading to room takeovers

matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. Attackers can specify a specific string of characters, which would confuse the bridge into combining an attacker-owned channel and an existing channel, allowing them to grant themselves permissions in the channel. The...

CVSS 8.8, AI score 8.6, EPSS 0.00717
Exploits 0, References 2

CVE
added 2022/09/13 6:15 p.m., 65 views

CVE-2022-39203

The CVE-2022-39203 entry concerns matrix-appservice-irc (Matrix’s Node.js IRC bridge). A crafted string can cause the bridge to merge an attacker-owned channel with an existing channel, enabling the attacker to grant themselves channel permissions. This has been fixed in matrix-appservice-irc ver...

CVSS 8.8, AI score 8.6, EPSS 0.00717
Exploits 0, References 2, Affected Software 1

Cvelist
added 2022/09/13 6:15 p.m., 33 views

CVE-2022-39203 Parsing issue in matrix-org/node-irc leading to room takeovers

matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. Attackers can specify a specific string of characters, which would confuse the bridge into combining an attacker-owned channel and an existing channel, allowing them to grant themselves permissions in the channel. The...

CVSS 8.8, AI score 8.8, EPSS 0.00717
Exploits 0, References 2

Prion
added 2022/09/13 6:15 p.m., 17 views

Command injection

matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. The Internet Relay Chat (IRC) protocol allows you to specify multiple modes in a single mode command. Due to a bug in the underlying matrix-org/node-irc library, affected versions of matrix-appservice-irc perform parsing of such...

CVSS 6.8, AI score 6.4, EPSS 0.00681
Exploits 0, References 3, Affected Software 1

CVE
added 2022/09/13 6:10 p.m., 52 views

CVE-2022-39202

CVE-2022-39202 affects matrix-appservice-irc, a Node.js IRC bridge for Matrix. A bug in the underlying matrix-org/node-irc library can cause IRC mode commands with multiple modes to be parsed incorrectly, potentially granting privileges to the wrong user. Exploitation requires the attacker to tri...

CVSS 6.3, AI score 5.5, EPSS 0.00681
Exploits 0, References 3, Affected Software 1

Cvelist
added 2022/09/13 6:10 p.m., 55 views

CVE-2022-39202 IRC mode parameter confusion in matrix-appservice-irc

matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. The Internet Relay Chat (IRC) protocol allows you to specify multiple modes in a single mode command. Due to a bug in the underlying matrix-org/node-irc library, affected versions of matrix-appservice-irc perform parsing of such...

CVSS 4.3, AI score 6.7, EPSS 0.00681
Exploits 0, References 3

Vulnrichment
added 2022/09/13 6:10 p.m., 7 views

CVE-2022-39202 IRC mode parameter confusion in matrix-appservice-irc

matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. The Internet Relay Chat (IRC) protocol allows you to specify multiple modes in a single mode command. Due to a bug in the underlying matrix-org/node-irc library, affected versions of matrix-appservice-irc perform parsing of such...

CVSS 4.3, AI score 6.5, EPSS 0.00681
Exploits 0, References 3

OSV
added 2022/09/13 6:10 p.m., 30 views

CVE-2022-39202 IRC mode parameter confusion in matrix-appservice-irc

matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. The Internet Relay Chat (IRC) protocol allows you to specify multiple modes in a single mode command. Due to a bug in the underlying matrix-org/node-irc library, affected versions of matrix-appservice-irc perform parsing of such...

CVSS 4.3, AI score 6.5, EPSS 0.00681
Exploits 0, References 5

Veracode
added 2022/09/13 6:3 a.m., 31 views

Signature Verification Bypass

github.com/matrix-org/dendrite is vulnerable to signature verification bypass. A remote attacker is able to provide invalid or modified malicious events to spread via an endpoint because the events retrieved from a remote homeserver using the /getmissingevents path does not verify their signature...

CVSS 7.3, AI score 5.5, EPSS 0.003
Exploits 0, References 2, Affected Software 2

Positive Technologies
added 2022/09/13 12:0 a.m., 5 views

PT-2022-24804 · Unknown · Matrix-Appservice-Irc

Name of the Vulnerable Software and Affected Versions: matrix-appservice-irc versions prior to 0.35.0 Description: The issue allows attackers to specify a specific string of characters, which would confuse the bridge into combining an attacker-owned channel and an existing channel, allowing them ...

CVSS 8.8, AI score 8.5, EPSS 0.00717
Exploits 0, References 7

CNNVD
added 2022/09/13 12:0 a.m., 6 views

Matrix matrix-appservice-irc resource management error vulnerability

matrix-appservice-irc is a bridge for Matrix. This bridge passes all IRC messages to Matrix and all Matrix messages to IRC. A resource management error vulnerability exists in Matrix matrix-appservice-irc prior to version 0.35.0, which can be exploited by an attacker to specify a specific string,...

CVSS 8.8, AI score 7.8, EPSS 0.00717
Exploits 0, References 3

CNNVD
added 2022/09/13 12:0 a.m., 32 views

Matrix matrix-appservice-irc resource management error vulnerability

matrix-appservice-irc is a bridge for Matrix. This bridge passes all IRC messages to Matrix and all Matrix messages to IRC. A resource management error vulnerability exists in Matrix matrix-appservice-irc prior to version 0.35.0, which stems from an error in the underlying matrix-org/node-irc...

CVSS 6.3, AI score 6.4, EPSS 0.00681
Exploits 0, References 4

Positive Technologies
added 2022/09/13 12:0 a.m., 7 views

PT-2022-24803 · Node-Irc +1 · Node-Irc +1

Name of the Vulnerable Software and Affected Versions: matrix-appservice-irc versions prior to 0.35.0 Description: The issue arises from a bug in the underlying matrix-org/node-irc library, causing matrix-appservice-irc to incorrectly parse multiple modes in a single mode command. This can...

CVSS 6.3, AI score 6.2, EPSS 0.00681
Exploits 0, References 8

NVD
added 2022/09/12 8:15 p.m., 15 views

CVE-2022-39200

Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the /getmissingevents path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this...

CVSS 7.3, EPSS 0.003
Exploits 0, References 2

Prion
added 2022/09/12 8:15 p.m., 20 views

Design/Logic Flaw

Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the /getmissingevents path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this...

CVSS 5, AI score 5.3, EPSS 0.003
Exploits 0, References 2, Affected Software 1

AlpineLinux
added 2022/09/12 8:10 p.m., 38 views

CVE-2022-39200

Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the /getmissingevents path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this...

CVSS 7.3, AI score 6, EPSS 0.003
Exploits 0

CVE
added 2022/09/12 8:10 p.m., 96 views

CVE-2022-39200

Dendrite (Matrix homeserver, Go) had a vulnerability where events fetched from a remote server via /get_missing_events were not verified for signatures. This could allow a remote homeserver to provide invalid/modified events to Dendrite through that endpoint. Other endpoints such as /event or /st...

CVSS 7.3, AI score 6.1, EPSS 0.003
Exploits 0, References 2, Affected Software 1