Malicious Matrix homeserver can leak truncated message content of messages it shouldn't have access to
- Severity: Medium
Description
The fix for GHSA-wm4w-7h2q-3pf7 / CVE-2024-32000 included in matrix-appservice-irc 2.0.0 relied on the timestamp provided by the Matrix homeserver to decide whether a user has access to the event they are replying to, and therefore whether to include a truncated version of the original event in the IRC message.
Recommendation
Update the matrix-appservice-irc package to the latest compatible version. Version details:
- Affected version(s): <= 2.0.0
- Patched version(s): 2.0.1
Related Issues
- Matrix IRC Bridge truncated content of messages can be leaked - CVE-2024-32000
- matrix-appservice-irc events can be crafted to leak parts of targeted messages from other bridged rooms - CVE-2023-38700
- tiny-secp256k1 vulnerable to private key extraction when signing a malicious JSON-stringifyable message in bundled envir - CVE-2024-49364
- matrix-js-sdk can be tricked into disclosing E2EE room keys to a participating homeserver - CVE-2021-40823
- Tags: npm, matrix-appservice-irc
Last updated on July 05, 2024