Description

matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The provisioning API of the matrix-appservice-irc bridge up to version 3.0.2 contains a vulnerability which can lead to arbitrary IRC command execution as the bridge IRC bot. The vulnerability has been patched in matrix-appservice-irc version 3.0.3.

INFO

Published Date :

2024-11-14T15:29:20.132Z

Last Modified :

2024-11-14T15:55:36.958Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-52505 vulnerability.

Vendors Products
Matrix-org
  • Matrix-appservice-irc
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-52505.

URL Resource
https://github.com/matrix-org/matrix-appservice-irc/commit/4a024eae1a992b1ea67e71a998e0b833b54221e2 cve-icon cve-icon
https://github.com/matrix-org/matrix-appservice-irc/security/advisories/GHSA-c3hj-hg7p-rrq5 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact