CWE: 306

CVE-2021-32659: Automatic room upgrade handling can be used maliciously to bridge a room non-consensually

First published: Wed Jun 16 2021

Matrix-appservice-bridge is the bridging service for the Matrix communication program's application services. In versions 2.6.0 and earlier, if a bridge has room upgrade handling turned on in the configuration (the `roomUpgradeOpts` key when instantiating a new `Bridge` instance), any `m.room.tombstone` event it encounters will be used to unbridge the current room and bridge into the target room. However, the target room's `m.room.create` event is not checked to verify that its `predecessor` field names the previous room. This means that any malicious admin of a bridged room can repoint the traffic to a different room without the new room being aware. Versions 2.6.1 and greater are patched. As a workaround, automatic room upgrade handling can be disabled by removing the `roomUpgradeOpts` key from the `Bridge` class options.
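As an added illustration (not matrix-appservice-bridge's own code) of the missing check, the following contrasts following a tombstone blindly with following it only when the target room's `m.room.create` event names the old room as its `predecessor`. The `getStateEvent` lookup is a hypothetical stand-in for a bridge intent's state query, and all room IDs and events are constructed samples.

```javascript
// Constructed sample state for two candidate target rooms, keyed by room ID.
const ROOM_STATE = {
  "!legit:example.org": {
    // A genuine upgrade: its create event points back at the old room.
    "m.room.create": { predecessor: { room_id: "!old:example.org", event_id: "$last" } },
  },
  "!other:example.org": {
    // Not an upgrade of !old: no predecessor at all.
    "m.room.create": {},
  },
};

// Hypothetical stand-in for an intent's state lookup (roomId, eventType).
function getStateEvent(roomId, type) {
  const room = ROOM_STATE[roomId];
  if (!room || !(type in room)) throw new Error(`no ${type} state in ${roomId}`);
  return room[type];
}

// Behaviour described for <= 2.6.0: the tombstone's target is trusted as-is.
function upgradeTargetUnchecked(tombstone) {
  return tombstone.content.replacement_room;
}

// Hardened behaviour: follow the tombstone only if the target room's
// m.room.create event declares the tombstoned room as its predecessor.
function upgradeTargetChecked(tombstone) {
  const target = tombstone.content.replacement_room;
  if (typeof target !== "string") return null;
  let create;
  try {
    create = getStateEvent(target, "m.room.create");
  } catch (e) {
    return null; // target room unknown or has no create event: do not rebridge
  }
  const predecessor = create.predecessor && create.predecessor.room_id;
  return predecessor === tombstone.room_id ? target : null;
}

// Constructed m.room.tombstone as a room admin would send it.
function tombstoneFor(oldRoom, newRoom) {
  return {
    type: "m.room.tombstone", room_id: oldRoom, state_key: "",
    content: { body: "This room has been replaced", replacement_room: newRoom },
  };
}
```

A `null` result from the checked variant means the bridge should leave the existing room mapping in place rather than move traffic.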

Credit: security-advisories@github.com

Affected Software: Matrix Matrix-appservice-bridge
Affected Version: <2.6.1
How to fix: update to version 2.6.1 or later


Frequently Asked Questions

  • What is CVE-2021-32659?

    CVE-2021-32659 is a vulnerability in Matrix-appservice-bridge, the bridging service for the Matrix communication program's application services.

  • How does CVE-2021-32659 affect Matrix-appservice-bridge?

    CVE-2021-32659 affects versions 2.6.0 and earlier of Matrix-appservice-bridge.

  • What is the severity of CVE-2021-32659?

    CVE-2021-32659 has a severity rating of 4.9 (medium).

  • How do I fix CVE-2021-32659?

    To fix CVE-2021-32659, update Matrix-appservice-bridge to version 2.6.1 or later.

  • Where can I find more information about CVE-2021-32659?

    You can find more information about CVE-2021-32659 on the official GitHub page of Matrix-appservice-bridge.
