CVE-2023-38700 - OpenCVE

matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to target. Version 1.0.1n fixes this issue. As a workaround, set the `matrixHandler.eventCacheSize` config value to `0`. This workaround may impact performance.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Matrix	Matrix Irc Bridge

Configuration 1 [-]

cpe:2.3:a:matrix:matrix_irc_bridge:*:*:*:*:*:node.js:*:*

No data.

References

Link	Providers
https://github.com/matrix-org/matrix-appservice-irc/commit/8bbd2b69a16cbcbeffdd9b5c973fd89d61498d75
https://github.com/matrix-org/matrix-appservice-irc/releases/tag/1.0.1
https://github.com/matrix-org/matrix-appservice-irc/security/advisories/GHSA-c7hh-3v6c-fj4q

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-08-04T18:05:43.187Z

Updated: 2024-08-02T17:46:56.508Z

Reserved: 2023-07-24T16:19:28.365Z

Link: CVE-2023-38700

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-08-04T19:15:09.697

Modified: 2023-08-11T18:58:44.057

Link: CVE-2023-38700

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-38700", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-07-24T16:19:28.365Z", "datePublished": "2023-08-04T18:05:43.187Z", "dateUpdated": "2024-08-02T17:46:56.508Z"}, "containers": {"cna": {"title": "matrix-appservice-irc events can be crafted to leak parts of targeted messages from other bridged rooms", "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "lang": "en", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/matrix-org/matrix-appservice-irc/security/advisories/GHSA-c7hh-3v6c-fj4q", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/matrix-org/matrix-appservice-irc/security/advisories/GHSA-c7hh-3v6c-fj4q"}, {"name": "https://github.com/matrix-org/matrix-appservice-irc/commit/8bbd2b69a16cbcbeffdd9b5c973fd89d61498d75", "tags": ["x_refsource_MISC"], "url": "https://github.com/matrix-org/matrix-appservice-irc/commit/8bbd2b69a16cbcbeffdd9b5c973fd89d61498d75"}, {"name": "https://github.com/matrix-org/matrix-appservice-irc/releases/tag/1.0.1", "tags": ["x_refsource_MISC"], "url": "https://github.com/matrix-org/matrix-appservice-irc/releases/tag/1.0.1"}], "affected": [{"vendor": "matrix-org", "product": "matrix-appservice-irc", "versions": [{"version": "< 1.0.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-08-04T18:05:43.187Z"}, "descriptions": [{"lang": "en", "value": "matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to target. Version 1.0.1n fixes this issue. As a workaround, set the `matrixHandler.eventCacheSize` config value to `0`. This workaround may impact performance."}], "source": {"advisory": "GHSA-c7hh-3v6c-fj4q", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:46:56.508Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/matrix-org/matrix-appservice-irc/security/advisories/GHSA-c7hh-3v6c-fj4q", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/matrix-org/matrix-appservice-irc/security/advisories/GHSA-c7hh-3v6c-fj4q"}, {"name": "https://github.com/matrix-org/matrix-appservice-irc/commit/8bbd2b69a16cbcbeffdd9b5c973fd89d61498d75", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/matrix-org/matrix-appservice-irc/commit/8bbd2b69a16cbcbeffdd9b5c973fd89d61498d75"}, {"name": "https://github.com/matrix-org/matrix-appservice-irc/releases/tag/1.0.1", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/matrix-org/matrix-appservice-irc/releases/tag/1.0.1"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:matrix:matrix_irc_bridge:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "5E1ADA6C-5E11-43D2-B9D7-8357036D8621", "versionEndExcluding": "1.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to target. Version 1.0.1n fixes this issue. As a workaround, set the `matrixHandler.eventCacheSize` config value to `0`. This workaround may impact performance."}, {"lang": "es", "value": "matrix-appservice-irc es un puente IRC Node.js para Matrix. Antes de la versi\u00f3n 1.0.1, era posible crear un evento de forma que filtrara parte de un evento de mensaje objetivo de otra sala puenteada. Esto requer\u00eda conocer un ID de evento al que apuntar. La versi\u00f3n 1.0.1n corrige este problema. Como soluci\u00f3n, establezca el valor de configuraci\u00f3n `matrixHandler.eventCacheSize` a `0`. Esta soluci\u00f3n puede afectar al rendimiento.\n"}], "id": "CVE-2023-38700", "lastModified": "2023-08-11T18:58:44.057", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-08-04T19:15:09.697", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/matrix-org/matrix-appservice-irc/commit/8bbd2b69a16cbcbeffdd9b5c973fd89d61498d75"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/matrix-org/matrix-appservice-irc/releases/tag/1.0.1"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/matrix-org/matrix-appservice-irc/security/advisories/GHSA-c7hh-3v6c-fj4q"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "security-advisories@github.com", "type": "Secondary"}]}