Lucene search
K
MatrixMatrix Irc Bridge

7 matches found

CVE
CVE
added 2022/05/05 11:5 p.m.82 views

CVE-2022-29166

CVE-2022-29166 affects matrix-appservice-irc (Node.js IRC bridge). The underlying issue in node-irc allows an attacker to make a Matrix user execute IRC commands by replying to a maliciously crafted message. A patch is available in matrix-appservice-irc 0.33.2. Guidance in disclosures urges not t...

8.8CVSS8.3AI score0.00938EPSS
CVE
CVE
added 2022/09/13 6:15 p.m.68 views

CVE-2022-39203

The CVE-2022-39203 entry concerns matrix-appservice-irc (Matrix’s Node.js IRC bridge). A crafted string can cause the bridge to merge an attacker-owned channel with an existing channel, enabling the attacker to grant themselves channel permissions. This has been fixed in matrix-appservice-irc ver...

8.8CVSS8.6AI score0.00717EPSS
CVE
CVE
added 2025/02/25 8:4 p.m.68 views

CVE-2025-27146

Summary (CVE-2025-27146): The Matrix-based bridge matrix-appservice-irc (Node.js) up to version 3.0.3 contains a vulnerability that allows an attacker to inject and execute arbitrary IRC commands as their own puppeted user. The issue is resolved in version 3.0.4. Multiple connected sources corrob...

4.3CVSS4.4AI score0.00354EPSS
CVE
CVE
added 2023/08/04 6:5 p.m.67 views

CVE-2023-38700

CVE-2023-38700 affects matrix-appservice-irc (Node.js IRC bridge for Matrix). Before version 1.0.1, an attacker could craft an event to leak part of a targeted message from another bridged room, requiring knowledge of an event ID. The issue is fixed in version 1.0.1n. As a workaround, deployments...

3.7CVSS3.7AI score0.00485EPSS
CVE
CVE
added 2022/11/13 12:0 a.m.62 views

CVE-2022-3971

Summary (CVE-2022-3971) : A SQL injection vulnerability exists in matrix-appservice-irc up to version 0.35.1, in an unknown portion of the code path that handles the argument roomIds within PgDataStore.ts . The issue is exploitable via untrusted input and is described as a critical risk in multip...

5.6CVSS5.6AI score0.00509EPSS
CVE
CVE
added 2023/08/04 4:31 p.m.59 views

CVE-2023-38690

CVE-2023-38690 affects matrix-appservice-irc (Node.js IRC bridge for Matrix). Before version 1.0.1, an attacker could craft a command containing newlines that would not be parsed correctly, allowing a string of commands to be passed as a channel name and executed by the IRC bridge bot. Affected v...

9.8CVSS7.7AI score0.00777EPSS
CVE
CVE
added 2022/09/13 6:10 p.m.53 views

CVE-2022-39202

CVE-2022-39202 affects matrix-appservice-irc, a Node.js IRC bridge for Matrix. A bug in the underlying matrix-org/node-irc library can cause IRC mode commands with multiple modes to be parsed incorrectly, potentially granting privileges to the wrong user. Exploitation requires the attacker to tri...

6.3CVSS5.5AI score0.00681EPSS