CVE-2021-32659
Description
Matrix-appservice-bridge is the bridging service for the Matrix communication program’s application services. In versions 2.6.0 and earlier, if a bridge has room upgrade handling turned on in the configuration (the roomUpgradeOpts key when instantiating a new Bridge instance), any m.room.tombstone event it encounters will be used to unbridge the current room and bridge into the target room. However, the target room m.room.create event is not checked to verify if the predecessor field contains the previous room. This means that any malicious admin of a bridged room can repoint the traffic to a different room without the new room being aware. Versions 2.6.1 and greater are patched. As a workaround, disabling the automatic room upgrade handling can be done by removing the roomUpgradeOpts key from the Bridge class options.
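The check the description says was missing, sketched as an added example; it is not the project's patch or code from matrix-appservice-bridge. The function name and sample room IDs are assumptions, and the event field names follow the Matrix specification.

```javascript
// Added example; validateRoomUpgrade and the room IDs are hypothetical names.
// Field names follow the Matrix spec: m.room.tombstone content.replacement_room,
// m.room.create content.predecessor.room_id.
function validateRoomUpgrade(oldRoomId, tombstone, targetCreate) {
  if (!tombstone || tombstone.type !== "m.room.tombstone") {
    return { ok: false, reason: "not a tombstone event" };
  }
  const target = tombstone.content && tombstone.content.replacement_room;
  if (typeof target !== "string" || target === "" || target === oldRoomId) {
    return { ok: false, reason: "invalid replacement_room" };
  }
  // targetCreate must be the m.room.create state event the bridge fetched
  // from the replacement room itself, never data supplied by the old room.
  if (!targetCreate || targetCreate.type !== "m.room.create") {
    return { ok: false, reason: "could not read target room create event" };
  }
  const pred = targetCreate.content && targetCreate.content.predecessor;
  if (!pred || pred.room_id !== oldRoomId) {
    return { ok: false, reason: "target room does not name this room as predecessor" };
  }
  return { ok: true, newRoomId: target };
}

// Constructed sample events (not captured traffic).
const OLD_ROOM = "!old:example.org";
const SAMPLE_TOMBSTONE = {
  type: "m.room.tombstone",
  room_id: OLD_ROOM,
  content: { body: "This room has been replaced", replacement_room: "!new:example.org" },
};
// A genuine upgrade: the new room's create event points back at the old room.
const GENUINE_CREATE = {
  type: "m.room.create",
  content: { predecessor: { room_id: OLD_ROOM, event_id: "$last:example.org" } },
};
// An unrelated room that never agreed to be the successor.
const UNRELATED_CREATE = { type: "m.room.create", content: {} };

function runSamples() {
  return {
    genuine: validateRoomUpgrade(OLD_ROOM, SAMPLE_TOMBSTONE, GENUINE_CREATE),
    unrelated: validateRoomUpgrade(OLD_ROOM, SAMPLE_TOMBSTONE, UNRELATED_CREATE),
  };
}
console.log(runSamples());
```

A bridge applying this check would keep the existing bridging in place whenever the result is not ok, instead of following the tombstone.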