It is worth noting that this release implements matrix-appservice-irc 0.35.1 and is not vulnerable to this issue. Moreover, it is possible to upgrade to matrix-appservice-irc 0.36.0 as well. The recommended course of action is to update the affected component to the latest version. End users and administrators are advised to upgrade affected components as soon as possible.
It is worth noting that this release implements matrix-appservice-irc 0.35.1 and is not vulnerable to this issue. Moreover, it is possible to upgrade to matrix-appservice-irc 0.36.0 as well. The recommended course of action is to update the affected component to the latest version. End users and administrators are advised to upgrade affected components as soon as possible. VDB-213148 is the identifier assigned to this vulnerability. It has been reported by an end user that a malicious user was able to get root access using this vulnerability. However, it has not been confirmed. End users are advised to upgrade the affected component as soon as possible.
What is Matrix?
Matrix is a web application that allows people to create and manage their own public or private chat rooms. The Matrix protocol offers open, extensible API to allow users to develop new features without changing the code of the core Matrix server.
Timeline
Published on: 11/13/2022 10:15:00 UTC
Last modified on: 11/17/2022 18:12:00 UTC
References
- https://vuldb.com/?id.213550
- https://github.com/matrix-org/matrix-appservice-irc/pull/1619
- https://github.com/matrix-org/matrix-appservice-irc/commit/179313a37f06b298150edba3e2b0e5a73c1415e7
- https://github.com/matrix-org/matrix-appservice-irc/releases/tag/0.36.0
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3971