Update content/blog/2023/08/2023-08-04-bridges-vulnerability-disclosu…
…re.md

Co-authored-by: Tadeusz Sośnierz <tadzik@tadzik.net>
thibaultamartin and tadzik authored Aug 4, 2023
1 parent f734d7a commit 8ae44ce
Showing 1 changed file with 1 addition and 1 deletion.
Expand Up @@ -39,6 +39,6 @@ Discovered and reported by [Val Lorentz](https://valentin-lorentz.fr/).

The IRC bridge caches recent timeline messages in memory, so that when a reply is seen for a message it doesn’t need to request the event content from the homeserver. However the room ID was not validated when accessing this cache, so a malicious actor could craft a reply event in another room referencing any event ID (so long as it was still in the bridge cache) to trick the bridge into posting the message content into a bridged reply.

Discovered and reported by[ Val Lorentz](https://valentin-lorentz.fr/).
Discovered and reported by [Val Lorentz](https://valentin-lorentz.fr/).

If you have further questions, please reach out on [security@matrix.org](mailto:security@matrix.org)
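Review bot: The closing context line, "please reach out on [security@matrix.org](mailto:security@matrix.org)", ends without a full stop and uses "reach out on" for an e-mail address. Since this commit is already a copy-edit of the post, consider changing it to "please reach out to [security@matrix.org](mailto:security@matrix.org)." in the same pass. The spacing fix on the credit line now matches the earlier credit line visible in the hunk header, so nothing further is needed there.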
