CVE-2022-39202 – IRC mode parameter confusion in matrix-appservice-irc
https://notcve.org/view.php?id=CVE-2022-39202
matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. The Internet Relay Chat (IRC) protocol allows multiple modes to be specified in a single mode command. Due to a bug in the underlying matrix-org/node-irc library, affected versions of matrix-appservice-irc parse such modes incorrectly, potentially resulting in the wrong user being given permissions. Mode commands can only be executed by privileged users, so this can only be abused if an operator is tricked into running the command on behalf of an attacker. The vulnerability has been patched in matrix-appservice-irc 0.35.0.
References:
https://github.com/matrix-org/matrix-appservice-irc/commit/5f87dbed87b4b6dc49b7965ff152ee8535719e67
https://github.com/matrix-org/matrix-appservice-irc/security/advisories/GHSA-cq7q-5c67-w39w
https://matrix.org/blog/2022/09/13/security-release-of-matrix-appservice-irc-0-35-0-high-severity
CWE-269: Improper Privilege Management
CVE-2022-39200 – Signature checks not applied to some retrieved missing events
https://notcve.org/view.php?id=CVE-2022-39200
Dendrite is a Matrix homeserver written in Go. In affected versions, events retrieved from a remote homeserver using the `/get_missing_events` path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid or modified events to Dendrite via this endpoint. Note that this does not apply to events retrieved through other endpoints (e.g. `/event`, `/state`), as they have been correctly verified.
References:
https://github.com/matrix-org/dendrite/commit/2792d0490f3771488bad346981b8c26479a872c3
https://github.com/matrix-org/dendrite/security/advisories/GHSA-pfw4-xjgm-267c
CWE-347: Improper Verification of Cryptographic Signature
CVE-2022-31152 – Synapse vulnerable to denial of service (DoS) due to incorrect application of event authorization rules
https://notcve.org/view.php?id=CVE-2022-31152
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification defines a list of [event authorization rules](https://spec.matrix.org/v1.2/rooms/v9/#authorization-rules) which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including version 1.61.0, some of these rules are not correctly applied. An attacker could craft events which would be accepted by Synapse but not by a spec-conformant server, potentially causing divergence in the room state between servers. Administrators of homeservers with federation enabled are advised to upgrade to version 1.62.0 or higher.
References:
https://github.com/matrix-org/synapse/pull/13087
https://github.com/matrix-org/synapse/pull/13088
https://github.com/matrix-org/synapse/releases/tag/v1.62.0
https://github.com/matrix-org/synapse/security/advisories/GHSA-jhjh-776m-4765
CWE-703: Improper Check or Handling of Exceptional Conditions
CWE-755: Improper Handling of Exceptional Conditions
CVE-2022-36009 – Incorrect parsing of access level in gomatrixserverlib and dendrite
https://notcve.org/view.php?id=CVE-2022-36009
gomatrixserverlib is a Go library for Matrix protocol federation. Dendrite is a Matrix homeserver written in Go, an alternative to Synapse. The power level parsing within gomatrixserverlib was failing to parse the `"events_default"` key of the `m.room.power_levels` event, defaulting the event default power level to zero in all cases. Power levels are the Matrix terminology for user access level. In rooms where the `"events_default"` power level had been changed, this could result in events either being incorrectly authorised or rejected by Dendrite servers. gomatrixserverlib contains a fix as of commit `723fd49` and Dendrite 0.9.3 has been updated accordingly.
References:
https://github.com/matrix-org/gomatrixserverlib/commit/723fd495dde835d078b9f2074b6b62c06dea4575
https://github.com/matrix-org/gomatrixserverlib/security/advisories/GHSA-grvv-h2f9-7v9c
https://matrix.org/docs/guides/moderation/#power-levels
CWE-863: Incorrect Authorization
CVE-2022-31052 – URL previews can crash Synapse media repositories or Synapse monoliths
https://notcve.org/view.php?id=CVE-2022-31052
Synapse is an open source homeserver implementation for the Matrix chat network. In versions prior to 1.61.1, URL previews of some web pages can exhaust the available stack space for the Synapse process due to unbounded recursion. This is sometimes recoverable and leads to an error for the request causing the problem, but in other cases the Synapse process may crash altogether. It is possible to exploit this maliciously, either by malicious users on the homeserver, or by remote users sending URLs that a local user's client may automatically request a URL preview for. Remote users are not able to exploit this directly, because the URL preview endpoint is authenticated.
References:
https://github.com/matrix-org/synapse/commit/fa1308061802ac7b7d20e954ba7372c5ac292333
https://github.com/matrix-org/synapse/security/advisories/GHSA-22p3-qrh9-cx32
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EARKKJZ2W7WUITFDT4EG4NVATFYJQHF
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGSDQ4YAITCUACAB7SXQZDJIU3IQ4CJD
https://spec.matrix.org/v1.2/client-server-api/#get_matrixmediav3preview_url
CWE-674: Uncontrolled Recursion