3662 matches found
Parsing issue in matrix-org/node-irc leading to room takeovers
Impact Attackers can specify a specific string of characters, which would confuse the bridge into combining an attacker-owned channel and an existing channel, allowing them to grant themselves permissions in the channel. Patched The vulnerability has been patched in matrix-appservice-irc 0.35.0...
Privilege Escalation
matrix-appservice-irc is vulnerable to privilege escalation. The vulnerability exists in the DEFAULTCONFIG function in IrcServer.ts due to improper validation of user rights, allowing an attacker to elevate privileges...
CVE-2022-39202
matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. The Internet Relay Chat IRC protocol allows you to specify multiple modes in a single mode command. Due to a bug in the underlying matrix-org/node-irc library, affected versions of matrix-appservice-irc perform parsing of such...
CVE-2022-39203 Parsing issue in matrix-org/node-irc leading to room takeovers
matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. Attackers can specify a specific string of characters, which would confuse the bridge into combining an attacker-owned channel and an existing channel, allowing them to grant themselves permissions in the channel. The...
CVE-2022-39203
The CVE-2022-39203 entry concerns matrix-appservice-irc (Matrix’s Node.js IRC bridge). A crafted string can cause the bridge to merge an attacker-owned channel with an existing channel, enabling the attacker to grant themselves channel permissions. This has been fixed in matrix-appservice-irc ver...
CVE-2022-39203 Parsing issue in matrix-org/node-irc leading to room takeovers
matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. Attackers can specify a specific string of characters, which would confuse the bridge into combining an attacker-owned channel and an existing channel, allowing them to grant themselves permissions in the channel. The...
Command injection
matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. The Internet Relay Chat IRC protocol allows you to specify multiple modes in a single mode command. Due to a bug in the underlying matrix-org/node-irc library, affected versions of matrix-appservice-irc perform parsing of such...
CVE-2022-39202
CVE-2022-39202 affects matrix-appservice-irc, a Node.js IRC bridge for Matrix. A bug in the underlying matrix-org/node-irc library can cause IRC mode commands with multiple modes to be parsed incorrectly, potentially granting privileges to the wrong user. Exploitation requires the attacker to tri...
CVE-2022-39202 IRC mode parameter confusion in matrix-appservice-irc
matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. The Internet Relay Chat IRC protocol allows you to specify multiple modes in a single mode command. Due to a bug in the underlying matrix-org/node-irc library, affected versions of matrix-appservice-irc perform parsing of such...
CVE-2022-39202 IRC mode parameter confusion in matrix-appservice-irc
matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. The Internet Relay Chat IRC protocol allows you to specify multiple modes in a single mode command. Due to a bug in the underlying matrix-org/node-irc library, affected versions of matrix-appservice-irc perform parsing of such...
CVE-2022-39202 IRC mode parameter confusion in matrix-appservice-irc
matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. The Internet Relay Chat IRC protocol allows you to specify multiple modes in a single mode command. Due to a bug in the underlying matrix-org/node-irc library, affected versions of matrix-appservice-irc perform parsing of such...
Signature Verification Bypass
github.com/matrix-org/dendrite is vulnerable to signature verification bypass. A remote attacker is able to provide invalid or modified malicious events to spread via an endpoint because the events retrieved from a remote homeserver using the /getmissingevents path does not verify their signature...
PT-2022-24804 · Unknown · Matrix-Appservice-Irc
Name of the Vulnerable Software and Affected Versions: matrix-appservice-irc versions prior to 0.35.0 Description: The issue allows attackers to specify a specific string of characters, which would confuse the bridge into combining an attacker-owned channel and an existing channel, allowing them ...
Matrix matrix-appservice-irc 资源管理错误漏洞
matrix-appservice-irc is a bridge for Matrix. This bridge passes all IRC messages to Matrix and all Matrix messages to IRC. A resource management error vulnerability exists in Matrix matrix-appservice-irc prior to version 0.35.0, which can be exploited by an attacker to specify a specific string,...
Matrix matrix-appservice-irc 资源管理错误漏洞
matrix-appservice-irc is a bridge for Matrix. This bridge passes all IRC messages to Matrix and all Matrix messages to IRC. A resource management error vulnerability exists in Matrix matrix-appservice-irc prior to version 0.35.0, which stems from an error in the underlying matrix-org/node-irc...
PT-2022-24803 · Node-Irc +1 · Node-Irc +1
Name of the Vulnerable Software and Affected Versions: matrix-appservice-irc versions prior to 0.35.0 Description: The issue arises from a bug in the underlying matrix-org/node-irc library, causing matrix-appservice-irc to incorrectly parse multiple modes in a single mode command. This can...
CVE-2022-39200
Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the /getmissingevents path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this...
Design/Logic Flaw
Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the /getmissingevents path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this...
CVE-2022-39200
Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the /getmissingevents path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this...
CVE-2022-39200
Dendrite (Matrix homeserver, Go) had a vulnerability where events fetched from a remote server via /get_missing_events were not verified for signatures. This could allow a remote homeserver to provide invalid/modified events to Dendrite through that endpoint. Other endpoints such as /event or /st...