Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
matrix-appservice-irc events can be crafted to leak parts of targeted messages from other bridged rooms
Vulnerability Description
matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to target. Version 1.0.1n fixes this issue. As a workaround, set the `matrixHandler.eventCacheSize` config value to `0`. This workaround may impact performance.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
matrix-appservice-irc 信息泄露漏洞
Vulnerability Description
matrix-appservice-irc是Matrix的一款网桥。这个网桥会将所有 IRC 消息传递给 Matrix,并将所有 Matrix 消息传递给 IRC。 matrix-appservice-irc 1.0.1之前版本存在信息泄露漏洞,该漏洞源于允许攻击者通过制作消息事件来获取另一个桥接房间的信息。
CVSS Information
N/A
Vulnerability Type
N/A