5 matches found
CVE-2021-32659
Matrix-appservice-bridge is the bridging service for the Matrix communication program's application services. In versions 2.6.0 and earlier, if a bridge has room upgrade handling turned on in the configuration the roomUpgradeOpts key when instantiating a new Bridge instance., any m.room.tombstone...
[ASA-202106-51] matrix-appservice-irc: insufficient validation
Arch Linux Security Advisory ASA-202106-51 ========================================== Severity: Medium Date : 2021-06-22 CVE-ID : CVE-2021-32659 Package : matrix-appservice-irc Type : insufficient validation Remote : Yes Link : https://security.archlinux.org/AVG-2076 Summary ======= The package...
CVE-2021-32659
Matrix-appservice-bridge is the bridging service for the Matrix communication program's application services. In versions 2.6.0 and earlier, if a bridge has room upgrade handling turned on in the configuration the roomUpgradeOpts key when instantiating a new Bridge instance., any m.room.tombstone...
CVE-2021-32659 Automatic room upgrade handling can be used maliciously to bridge a room non-consentually
Matrix-appservice-bridge is the bridging service for the Matrix communication program's application services. In versions 2.6.0 and earlier, if a bridge has room upgrade handling turned on in the configuration the roomUpgradeOpts key when instantiating a new Bridge instance., any m.room.tombstone...
CVE-2021-32659
CVE-2021-32659 affects matrix-appservice-bridge (versions 2.6.0 and earlier). When room upgrade handling is enabled via roomUpgradeOpts, an m.room.tombstone event can unbridge the current room and bridge into a target room without verifying the predecessor in the target m.room.create, enabling a ...