CVE-2024-52505

Summary

matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The provisioning API of the matrix-appservice-irc bridge up to version 3.0.2 contains a vulnerability which can lead to arbitrary IRC command execution as the bridge IRC bot. The vulnerability has been patched in matrix-appservice-irc version 3.0.3.

Affected Software

VendorProductVersion RangeStatus
matrix-orgmatrix-appservice-irc< 3.0.3affected

Weaknesses

  • CWE-147: CWE-147: Improper Neutralization of Input Terminators

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References