PT-2023-26565 · Unknown · Matrix-Appservice-Irc
Val Lorentz · Published 2023-08-04 · Updated 2023-08-11 · CVE-2023-38700
CVSS v3.1: 3.5 (Low)
Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
matrix-appservice-irc versions prior to 1.0.1
Description
The issue allows an attacker to craft an event that leaks part of a targeted message event from another bridged room, requiring knowledge of an event ID to target.
Recommendations
For versions prior to 1.0.1, upgrade to version 1.0.1.
As a temporary workaround, consider setting the matrixHandler.eventCacheSize config value to 0, although this may impact performance.
Information Disclosure
Affected products
Matrix-Appservice-Irc