Lucene search
+L

81 matches found

Positive Technologies
Positive Technologies
added 2023/08/04 12:0 a.m.11 views

PT-2023-26555 · Unknown · Matrix-Appservice-Irc

Name of the Vulnerable Software and Affected Versions: matrix-appservice-irc versions prior to 1.0.1 Description: The issue allows an attacker to craft a command with newlines that would not be properly parsed, enabling them to pass a string of commands as a channel name, which would then be...

9.8CVSS9.6AI score0.00777EPSS
Exploits0References8
CNNVD
CNNVD
added 2023/08/04 12:0 a.m.5 views

matrix-appservice-irc Information Disclosure Vulnerability

matrix-appservice-irc is a bridge for Matrix. This bridge passes all IRC messages to Matrix and all Matrix messages to IRC. An information disclosure vulnerability exists in versions prior to matrix-appservice-irc 1.0.1, which stems from a vulnerability that allows an attacker to obtain informati...

3.7CVSS6.1AI score0.00485EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/08/04 12:0 a.m.9 views

Matrix matrix-appservice-irc Command Injection Vulnerability

matrix-appservice-irc is a bridge for Matrix. This bridge passes all IRC messages to Matrix and all Matrix messages to IRC. A command injection vulnerability exists in Matrix matrix-appservice-irc versions prior to 1.0.1, which stems from a vulnerability that allows an attacker to craft commands...

9.8CVSS7.6AI score0.00777EPSS
Exploits0References4
OSV
OSV
added 2022/11/13 12:0 p.m.42 views

GHSA-FFWF-47X2-JPR8 Matrix-appservice-irc vulnerable to sql injection via roomIds argument

A vulnerability was found in matrix-appservice-irc up to 0.35.1. This vulnerability affects the file src/datastore/postgres/PgDataStore.ts. The manipulation of the argument roomIds leads to sql injection. Upgrading to version 0.36.0 is able to address this issue. The name of the patch is...

5.6CVSS5.4AI score0.00509EPSS
Exploits0References6
NVD
NVD
added 2022/11/13 10:15 a.m.30 views

CVE-2022-3971

A vulnerability was found in matrix-appservice-irc up to 0.35.1. It has been declared as critical. This vulnerability affects unknown code of the file src/datastore/postgres/PgDataStore.ts. The manipulation of the argument roomIds leads to sql injection. Upgrading to version 0.36.0 is able to...

5.6CVSS0.00509EPSS
Exploits0References4
Prion
Prion
added 2022/11/13 10:15 a.m.23 views

Sql injection

A vulnerability was found in matrix-appservice-irc up to 0.35.1. It has been declared as critical. This vulnerability affects unknown code of the file src/datastore/postgres/PgDataStore.ts. The manipulation of the argument roomIds leads to sql injection. Upgrading to version 0.36.0 is able to...

5.1CVSS6.2AI score0.00509EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2022/11/13 12:0 a.m.67 views

CVE-2022-3971

Summary (CVE-2022-3971) : A SQL injection vulnerability exists in matrix-appservice-irc up to version 0.35.1, in an unknown portion of the code path that handles the argument roomIds within PgDataStore.ts . The issue is exploitable via untrusted input and is described as a critical risk in multip...

5.6CVSS5.6AI score0.00509EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2022/11/13 12:0 a.m.6 views

matrix-appservice-irc 安全漏洞

matrix-appservice-irc is a bridge for Matrix. This bridge passes all IRC messages to Matrix and all Matrix messages to IRC. A security vulnerability exists in matrix-appservice-irc 0.35.1 and earlier versions, which stems from affected unknown code in the file src/datastore/postgres/PgDataStore.t...

5.6CVSS5.8AI score0.00509EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/11/13 12:0 a.m.8 views

PT-2022-24988 · Unknown · Matrix-Appservice-Irc

Name of the Vulnerable Software and Affected Versions: matrix-appservice-irc versions up to 0.35.1 Description: A critical issue affects the file src/datastore/postgres/PgDataStore.ts, where the manipulation of the roomIds argument leads to sql injection. Upgrading to version 0.36.0 addresses thi...

5.6CVSS5.7AI score0.00509EPSS
Exploits0References10
Cvelist
Cvelist
added 2022/11/13 12:0 a.m.28 views

CVE-2022-3971 matrix-appservice-irc PgDataStore.ts sql injection

A vulnerability was found in matrix-appservice-irc up to 0.35.1. It has been declared as critical. This vulnerability affects unknown code of the file src/datastore/postgres/PgDataStore.ts. The manipulation of the argument roomIds leads to sql injection. Upgrading to version 0.36.0 is able to...

4.6CVSS6.5AI score0.00509EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2022/11/13 12:0 a.m.6 views

CVE-2022-3971 matrix-appservice-irc PgDataStore.ts sql injection

A vulnerability was found in matrix-appservice-irc up to 0.35.1. It has been declared as critical. This vulnerability affects unknown code of the file src/datastore/postgres/PgDataStore.ts. The manipulation of the argument roomIds leads to sql injection. Upgrading to version 0.36.0 is able to...

4.6CVSS8AI score0.00509EPSS
Exploits0References4
OSV
OSV
added 2022/11/13 12:0 a.m.18 views

CVE-2022-3971 matrix-appservice-irc PgDataStore.ts sql injection

A vulnerability was found in matrix-appservice-irc up to 0.35.1. It has been declared as critical. This vulnerability affects unknown code of the file src/datastore/postgres/PgDataStore.ts. The manipulation of the argument roomIds leads to sql injection. Upgrading to version 0.36.0 is able to...

4.6CVSS5.8AI score0.00509EPSS
Exploits0References6
OSV
OSV
added 2022/09/15 3:26 a.m.23 views

GHSA-CQ7Q-5C67-W39W matrix-appservice-irc vulnerable to IRC mode parameter confusion

Impact IRC allows you to specify multiple modes in a single mode command. Due to a bug in the underlying matrix-org/node-irc library, affected versions of matrix-appservice-irc perform parsing of such modes incorrectly, potentially resulting in the wrong user being given permissions. Mode command...

4.3CVSS5.5AI score0.00706EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/09/15 3:26 a.m.42 views

matrix-appservice-irc vulnerable to IRC mode parameter confusion

Impact IRC allows you to specify multiple modes in a single mode command. Due to a bug in the underlying matrix-org/node-irc library, affected versions of matrix-appservice-irc perform parsing of such modes incorrectly, potentially resulting in the wrong user being given permissions. Mode command...

6.3CVSS6.4AI score0.00706EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/15 3:26 a.m.35 views

Parsing issue in matrix-org/node-irc leading to room takeovers

Impact Attackers can specify a specific string of characters, which would confuse the bridge into combining an attacker-owned channel and an existing channel, allowing them to grant themselves permissions in the channel. Patched The vulnerability has been patched in matrix-appservice-irc 0.35.0...

8.8CVSS8.3AI score0.00744EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/09/15 3:26 a.m.15 views

GHSA-XVQG-MV25-RWVW Parsing issue in matrix-org/node-irc leading to room takeovers

Impact Attackers can specify a specific string of characters, which would confuse the bridge into combining an attacker-owned channel and an existing channel, allowing them to grant themselves permissions in the channel. Patched The vulnerability has been patched in matrix-appservice-irc 0.35.0...

8.8CVSS8.6AI score0.00744EPSS
Exploits0References4
Veracode
Veracode
added 2022/09/14 8:57 a.m.18 views

Privilege Escalation

matrix-appservice-irc is vulnerable to privilege escalation. The vulnerability exists in the DEFAULTCONFIG function in IrcServer.ts due to improper validation of user rights, allowing an attacker to elevate privileges...

6.3CVSS6.2AI score0.00706EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2022/09/13 6:15 p.m.61 views

CVE-2022-39202

matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. The Internet Relay Chat IRC protocol allows you to specify multiple modes in a single mode command. Due to a bug in the underlying matrix-org/node-irc library, affected versions of matrix-appservice-irc perform parsing of such...

6.3CVSS0.00706EPSS
Exploits0References3
CVE
CVE
added 2022/09/13 6:15 p.m.69 views

CVE-2022-39203

The CVE-2022-39203 entry concerns matrix-appservice-irc (Matrix’s Node.js IRC bridge). A crafted string can cause the bridge to merge an attacker-owned channel with an existing channel, enabling the attacker to grant themselves channel permissions. This has been fixed in matrix-appservice-irc ver...

8.8CVSS8.6AI score0.00744EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/09/13 6:15 p.m.8 views

CVE-2022-39203 Parsing issue in matrix-org/node-irc leading to room takeovers

matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. Attackers can specify a specific string of characters, which would confuse the bridge into combining an attacker-owned channel and an existing channel, allowing them to grant themselves permissions in the channel. The...

8.8CVSS8.6AI score0.00744EPSS
Exploits0References2
Rows per page
Query Builder