
CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The provisioning API of the matrix-appservice-irc bridge up to version 3.0.2 contains a vulnerability which can lead to arbitrary IRC command execution as the bridge IRC bot. The vulnerability has been patched in matrix-appservice-irc version 3.0.3. • https://github.com/matrix-org/matrix-appservice-irc/commit/4a024eae1a992b1ea67e71a998e0b833b54221e2 https://github.com/matrix-org/matrix-appservice-irc/security/advisories/GHSA-c3hj-hg7p-rrq5 • CWE-147: Improper Neutralization of Input Terminators

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the client's homeserver. Fixed in matrix-js-sdk 34.11.1. • https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-xvg8-m4x3-w6xr https://spec.matrix.org/v1.12/client-server-api/#security-considerations-5 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper implementation of session management at the web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable device. Successful exploitation of this vulnerability could allow a remote attacker to gain unauthorized access and take complete control of the targeted device. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0328 • CWE-288: Authentication Bypass Using an Alternate Path or Channel

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

Incorrect Privilege Assignment vulnerability in Udit Rawat Exam Matrix allows Privilege Escalation. This issue affects Exam Matrix: from n/a through 1.5. The Exam Matrix plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5. This is due to the plugin not properly restricting functionality that makes it possible for unauthenticated users to register as a higher privileged role. • https://github.com/RandomRobbieBF/CVE-2024-50485 https://patchstack.com/database/vulnerability/exam-matrix/wordpress-exam-matrix-plugin-1-5-privilege-escalation-vulnerability?_s_id=cve • CWE-266: Incorrect Privilege Assignment

CVSS: 8.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

matrix-react-sdk is a React-based software development kit for inserting a Matrix chat/VOIP client into a web page. Starting in version 3.18.0 and before 3.102.0, matrix-react-sdk allows a malicious homeserver to potentially steal message keys for a room when a user invites another user to that room, via injection of a malicious device controlled by the homeserver. This is possible because matrix-react-sdk before 3.102.0 shared historical message keys on invite. Version 3.102.0 fixes this issue by disabling sharing message keys on invite by removing calls to the vulnerable functionality. No known workarounds are available. • https://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-qcvh-p9jq-wp8v https://github.com/matrix-org/matrix-react-sdk/pull/12618 https://github.com/matrix-org/matrix-react-sdk/commit/6fc9d7641c51ca3db8225cf58b9d6e6fdd2d6556 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor