matrix-appservice-irc is vulnerable to privilege escalation. The vulnerability exists because dynamic channel joining via dynamicChannels.enabled
is not properly disabled, which allows an attacker to grant themselves permissions and combine attacker-owned channels with existing channels.
github.com/matrix-org/matrix-appservice-irc/commit/9a75c32cb23721e221039f49e9a181224fd066b3
github.com/matrix-org/matrix-appservice-irc/pull/1604
github.com/matrix-org/matrix-appservice-irc/security/advisories/GHSA-xvqg-mv25-rwvw
matrix.org/blog/2022/09/13/security-release-of-matrix-appservice-irc-0-35-0-high-severity