We found results for “


Good to know:


Date: September 13, 2022

matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. Attackers can specify a specific string of characters, which would confuse the bridge into combining an attacker-owned channel and an existing channel, allowing them to grant themselves permissions in the channel. The vulnerability has been patched in matrix-appservice-irc 0.35.0. As a workaround operators may disable dynamic channel joining via `dynamicChannels.enabled` to prevent users from joining new channels, which prevents any new channels being bridged outside of what is already bridged, and what is specified in the config.

Language: JS

Severity Score

Severity Score

Weakness Type (CWE)

Improper Privilege Management


Top Fix


Upgrade Version

Upgrade to version matrix-appservice-irc - 0.35.0

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us