Matrix Appservice Bridge Matrix Appservice Bridge

Do you want an email whenever new security vulnerabilities are reported in Matrix Appservice Bridge?

By the Year

In 2022 there have been 0 vulnerabilities in Matrix Appservice Bridge . Last year Matrix Appservice Bridge had 1 security vulnerability published. Right now, Matrix Appservice Bridge is on track to have less security vulnerabilities in 2022 than it did last year.

Year Vulnerabilities Average Score
2022 0 0.00
2021 1 4.90
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Matrix Appservice Bridge vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Matrix Appservice Bridge Security Vulnerabilities

Matrix-appservice-bridge is the bridging service for the Matrix communication program's application services

CVE-2021-32659 4.9 - Medium - June 16, 2021

Matrix-appservice-bridge is the bridging service for the Matrix communication program's application services. In versions 2.6.0 and earlier, if a bridge has room upgrade handling turned on in the configuration (the `roomUpgradeOpts` key when instantiating a new `Bridge` instance.), any `m.room.tombstone` event it encounters will be used to unbridge the current room and bridge into the target room. However, the target room `m.room.create` event is not checked to verify if the `predecessor` field contains the previous room. This means that any malicious admin of a bridged room can repoint the traffic to a different room without the new room being aware. Versions 2.6.1 and greater are patched. As a workaround, disabling the automatic room upgrade handling can be done by removing the `roomUpgradeOpts` key from the `Bridge` class options.

Missing Authentication for Critical Function

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Matrix Appservice Bridge or by Matrix? Click the Watch button to subscribe.

Matrix
Vendor

subscribe