CVE-2024-32000
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2024-32000 is a vulnerability affecting matrix-appservice-irc, a Node.js IRC bridge for the Matrix messaging protocol. This issue allows a malicious user to leak the truncated body of a message if they reply to an event ID they don't have access to. The attack requires the user to know the event ID and be joined to both the Matrix room and the IRC channel it is bridged to. The leaked message content becomes visible to IRC channel members. To mitigate this issue, users are advised to upgrade to version 2.0.0, which checks for user permissions before constructing a reply. Administrators can also limit the information leaked by setting a reply template without the original message content. (Lines 601-604 in the configuration file)
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.