CVE-2023-38700

Опубликовано: 04 авг. 2023

Источник: nvd

CVSS3: 3.5

CVSS3: 3.7

EPSS Низкий

Описание

matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to target. Version 1.0.1n fixes this issue. As a workaround, set the matrixHandler.eventCacheSize config value to 0. This workaround may impact performance.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:matrix:matrix_irc_bridge:*:*:*:*:*:node.js:*:*

Версия до 1.0.1 (исключая)

EPSS

Процентиль: 50%

0.00266

Низкий

3.5 Low

CVSS3

3.7 Low

CVSS3

Дефекты

CWE-200

NVD-CWE-noinfo

Связанные уязвимости

GHSA-c7hh-3v6c-fj4q

CVSS3: 3.5

github

больше 2 лет назад

matrix-appservice-irc events can be crafted to leak parts of targeted messages from other bridged rooms

EPSS

Процентиль: 50%

0.00266

Низкий

3.5 Low

CVSS3

3.7 Low

CVSS3

Дефекты

CWE-200

NVD-CWE-noinfo