Home > Vulnerability Database > CVE-2023-38691

Mend.io Vulnerability Database

CVE-2023-38691

Good to know:

Date: August 4, 2023

matrix-appservice-bridge provides an API for setting up bridges. Starting in version 4.0.0 and prior to versions 8.1.2 and 9.0.1, a malicious Matrix server can use a foreign user's MXID in an OpenID exchange, allowing a bad actor to impersonate users when using the provisioning API. The library does not check that the servername part of the "sub" parameter (containing the user's claimed MXID) is the the same as the servername we are talking to. A malicious actor could spin up a server on any given domain, respond with a "sub" parameter according to the user they want to act as and use the resulting token to perform provisioning requests. Versions 8.1.2 and 9.0.1 contain a patch. As a workaround, disable the provisioning API.

Language: TYPE_SCRIPT

Severity Score

5.0

Related Resources (5)

Url: https://github.com/matrix-org/matrix-appservice-bridge/commit/4c6723a5e7beda65cdf1ae5dbb882e8beaac8552

Url: https://github.com/matrix-org/matrix-appservice-bridge

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-38691

Url: https://github.com/matrix-org/matrix-appservice-bridge/security/advisories/GHSA-vc7j-h8xg-fv5x

Url: https://www.mend.io/vulnerability-database/CVE-2023-38691

Severity Score

5.0

Weakness Type (CWE)

Improper Authentication

CWE-287

Top Fix

Upgrade Version

Upgrade to version matrix-appservice-bridge - 8.1.2;matrix-appservice-bridge - 9.0.1

Learn More

CVSS v3.1

Base Score:	5.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-38691

Good to know:

Date: August 4, 2023

Language: TYPE_SCRIPT

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?