PT-2021-19837 · Unknown · Matrix-Appservice-Bridge
Half-Shot · Published 2021-06-16 · Updated 2021-07-09 · CVE-2021-32659
CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Matrix-appservice-bridge versions 2.6.0 and earlier
Description
The issue concerns the application services of the Matrix communication program, specifically the bridging service. If a bridge has room upgrade handling turned on in its configuration, any m.room.tombstone event it encounters is used to unbridge the current room and bridge into the target room. However, the target room's m.room.create event is not checked to verify that its predecessor field contains the previous room. This allows any malicious admin of a bridged room to repoint the traffic to a different room without the new room being aware.
Recommendations
For versions 2.6.0 and earlier, update to version 2.6.1 or greater to resolve the issue.
As a temporary workaround for versions 2.6.0 and earlier, consider disabling the automatic room upgrade handling by removing the roomUpgradeOpts key from the Bridge class options.
Fix
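The predecessor check that the description identifies as missing can be written as a pure validation step, shown here as an added example in JavaScript; it is not the project's code or its 2.6.1 patch. The function name checkRoomUpgrade, the result shape and all sample room and event IDs are assumptions, and the caller is assumed to have fetched the target room's m.room.create event itself.

```javascript
// Added example; checkRoomUpgrade is a hypothetical helper, not bridge code.
// tombstone: the m.room.tombstone event received in the bridged room.
// createEvent: the target room's m.room.create state event, fetched by the
// caller (null if the bridge could not read it).
function checkRoomUpgrade(oldRoomId, tombstone, createEvent) {
  const deny = (reason) => ({ follow: false, reason });
  if (!tombstone || tombstone.type !== "m.room.tombstone" || tombstone.state_key !== "") {
    return deny("not a tombstone state event");
  }
  if (tombstone.room_id !== oldRoomId) {
    return deny("tombstone was not sent in the bridged room");
  }
  const target = tombstone.content && tombstone.content.replacement_room;
  if (typeof target !== "string" || target === "" || target === oldRoomId) {
    return deny("missing or self-referencing replacement_room");
  }
  if (!createEvent || createEvent.type !== "m.room.create" ||
      createEvent.state_key !== "" || createEvent.room_id !== target) {
    return deny("no valid m.room.create for the target room");
  }
  // The check the advisory describes as missing: the new room must itself
  // name the old room as its predecessor, so both rooms agree to the move.
  const predecessor = createEvent.content && createEvent.content.predecessor;
  if (!predecessor || predecessor.room_id !== oldRoomId) {
    return deny("target room does not list this room as predecessor");
  }
  return { follow: true, target };
}

// Constructed sample events; all room and event IDs are made up.
const OLD_ROOM = "!old:example.org";
const tombstoneTo = (room) => ({
  type: "m.room.tombstone", state_key: "", room_id: OLD_ROOM,
  content: { body: "This room has been replaced", replacement_room: room },
});
const createFor = (room, content) => ({
  type: "m.room.create", state_key: "", room_id: room, content,
});
const genuine = createFor("!upgraded:example.org",
  { predecessor: { room_id: OLD_ROOM, event_id: "$last:example.org" } });
const unrelated = createFor("!other:example.org", { creator: "@someone:example.org" });

console.log(checkRoomUpgrade(OLD_ROOM, tombstoneTo("!upgraded:example.org"), genuine));
console.log(checkRoomUpgrade(OLD_ROOM, tombstoneTo("!other:example.org"), unrelated));
```

A bridge that gets follow: false should stay in the current room and log the reason, since the tombstone alone only proves what the old room's admin wants.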
Missing Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Matrix-Appservice-Bridge