CVE-2023-38700: matrix-appservice-irc events can be crafted to leak parts of targeted messages from other bridged rooms

CVSS Score (v3.1): 3.5

Basic Information

EPSS Score: 0.49923%
Published: 8/4/2023
Updated: 11/12/2023
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
Package Name: matrix-appservice-irc
Ecosystem: npm
Vulnerable Versions: <= 1.0.0
First Patched Version: 1.0.1

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stemmed from caching events without room context. The patch added the room ID to the cache keys (`${roomId}-${eventId}`), which indicates that the original caching functions lacked this scoping. The CWE-200 exposure occurred because those functions allowed an event to be retrieved across rooms when given a known event ID, violating the authorization boundary between bridged rooms. The commit diff shows these functions were modified to add room-based scoping.
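The difference between the two key schemes, as an added example that is not code from matrix-appservice-irc or from this page: the class and function names are hypothetical, and the room IDs, event ID and message body are constructed sample values. Only the `${roomId}-${eventId}` key format comes from the analysis above.

```javascript
// Hypothetical bridge-side event cache, written for illustration only.

class UnscopedEventCache {
  constructor() { this.cache = new Map(); }
  // Keyed by event ID alone: the room the event belongs to is forgotten.
  store(roomId, event) { this.cache.set(event.event_id, event); }
  // The requesting room plays no part in the lookup.
  lookup(requestingRoomId, eventId) { return this.cache.get(eventId) ?? null; }
}

class RoomScopedEventCache {
  constructor() { this.cache = new Map(); }
  // Key format named in the root cause analysis.
  static key(roomId, eventId) { return `${roomId}-${eventId}`; }
  store(roomId, event) {
    this.cache.set(RoomScopedEventCache.key(roomId, event.event_id), event);
  }
  // A hit is only possible when the event was stored for the same room.
  lookup(requestingRoomId, eventId) {
    const key = RoomScopedEventCache.key(requestingRoomId, eventId);
    return this.cache.get(key) ?? null;
  }
}

// Body text the bridge would use when an event in `roomId` refers to `eventId`.
function resolveReferencedBody(cache, roomId, eventId) {
  const target = cache.lookup(roomId, eventId);
  return target ? target.content.body : null;
}

// Constructed scenario: one message cached from room A, then referenced from room B.
function runScenario(cache) {
  const roomA = "!roomA:example.org";
  const roomB = "!roomB:example.org";
  const event = { event_id: "$evt1", content: { body: "message from room A" } };
  cache.store(roomA, event);
  return {
    sameRoom: resolveReferencedBody(cache, roomA, "$evt1"),
    otherRoom: resolveReferencedBody(cache, roomB, "$evt1"),
  };
}

console.log("unscoped:", runScenario(new UnscopedEventCache()));
console.log("scoped:  ", runScenario(new RoomScopedEventCache()));
```

With the unscoped cache the lookup from room B returns room A's message body; with the room-scoped key it returns `null`, while the same-room lookup still succeeds.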


WAF Protection Rules

WAF Rule

### Impact

It was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to target.

### Patches

Please upgrade to 1.0.1.

### Workarounds

You can set the `m
