Lucene search
Veracode Vulnerability DatabaseVERACODE:37028HistorySep 14, 2022 - 8:57 a.m.
Privilege Escalation
2022-09-1408:57:03
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
matrix-appservice-irc
privilege escalation
default_config function
ircserver.ts
validation
user rights
0.001 Low
EPSS
Percentile
42.0%
matrix-appservice-irc is vulnerable to privilege escalation. The vulnerability exists in the DEFAULT_CONFIG function in IrcServer.ts due to improper validation of user rights, allowing an attacker to elevate privileges.
References
github.com/matrix-org/matrix-appservice-irc/commit/5f87dbed87b4b6dc49b7965ff152ee8535719e67
github.com/matrix-org/matrix-appservice-irc/commit/e3097ccde610b9d31cbcad097eb2eca77925f1c2
github.com/matrix-org/matrix-appservice-irc/pull/1567
github.com/matrix-org/matrix-appservice-irc/security/advisories/GHSA-cq7q-5c67-w39w
matrix.org/blog/2022/09/13/security-release-of-matrix-appservice-irc-0-35-0-high-severity/
Related
osv
osv
CVE-2022-39202
2022-09-13 18:15:15
matrix-appservice-irc vulnerable to IRC mode parameter confusion
2022-09-15 03:26:25
prion
prion
Command injection
2022-09-13 18:15:00
nvd
nvd
CVE-2022-39202
2022-09-13 18:15:15
github
github
matrix-appservice-irc vulnerable to IRC mode parameter confusion
2022-09-15 03:26:25
cve
cve
CVE-2022-39202
2022-09-13 18:15:15
cvelist
cvelist
CVE-2022-39202 IRC mode parameter confusion in matrix-appservice-irc
2022-09-13 18:10:15