CVE-2022-3971: A critical vulnerability was found in matrix-appservice-irc up to 0.35.1. The manipulation of the argument roomIds leads to SQL injection.

It is worth noting that this release implements matrix-appservice-irc 0.35.1 and is not vulnerable to this issue. Moreover, it is possible to upgrade to matrix-appservice-irc 0.36.0 as well. The recommended course of action is to update the affected component to the latest version. End users and administrators are advised to upgrade affected components as soon as possible.

VDB-213148 is the identifier assigned to this vulnerability. It has been reported by an end user that a malicious user was able to get root access using this vulnerability. However, it has not been confirmed.
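The roomIds flaw named above is an SQL injection through a list argument. As an added illustration (not matrix-appservice-irc code; the `rooms` table, `room_id` column and both function names are hypothetical), this contrasts pasting the IDs into the query text with binding them as parameters, in the `{ text, values }` form that node-postgres accepts:

```javascript
// Added illustration; NOT matrix-appservice-irc code. Table and column names
// (rooms, room_id) and both function names are hypothetical.

// Vulnerable pattern: IDs are pasted into the SQL text, so a quote inside
// an ID terminates the string literal and the rest is parsed as SQL.
function buildUnsafeQuery(roomIds) {
  const list = roomIds.map((id) => `'${id}'`).join(",");
  return { text: `SELECT room_id FROM rooms WHERE room_id IN (${list})`, values: [] };
}

// Hardened pattern: the SQL text holds only numbered placeholders ($1, $2, ...);
// the IDs travel separately as bind values and are never parsed as SQL.
function buildSafeQuery(roomIds) {
  // An empty list would produce "IN ()", which is a syntax error, so reject it.
  if (!Array.isArray(roomIds) || roomIds.length === 0) {
    throw new TypeError("roomIds must be a non-empty array");
  }
  for (const id of roomIds) {
    if (typeof id !== "string") throw new TypeError("room ID must be a string");
  }
  const placeholders = roomIds.map((_, i) => `$${i + 1}`).join(",");
  return {
    text: `SELECT room_id FROM rooms WHERE room_id IN (${placeholders})`,
    values: [...roomIds],
  };
}

// Constructed sample input: one ordinary ID and one containing a quote.
const sampleIds = ["!abc:example.org", "!x' OR '1'='1"];
const unsafe = buildUnsafeQuery(sampleIds);
const safe = buildSafeQuery(sampleIds);
console.log(unsafe.text); // the quote from the second ID has changed the SQL
console.log(safe.text, safe.values); // SQL text is fixed; IDs are data only
```

In the hardened form the query text depends only on how many IDs were supplied, never on their contents.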

What is Matrix?

Matrix is a web application that allows people to create and manage their own public or private chat rooms. The Matrix protocol offers an open, extensible API that allows users to develop new features without changing the code of the core Matrix server.
