CVE-2024-52505

{"id": "CVE-2024-52505", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2024-11-14T16:15:20.220", "references": [{"url": "https://github.com/matrix-org/matrix-appservice-irc/commit/4a024eae1a992b1ea67e71a998e0b833b54221e2", "source": "security-advisories@github.com"}, {"url": "https://github.com/matrix-org/matrix-appservice-irc/security/advisories/GHSA-c3hj-hg7p-rrq5", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-147"}]}], "descriptions": [{"lang": "en", "value": "matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The provisioning API of the matrix-appservice-irc bridge up to version 3.0.2 contains a vulnerability which can lead to arbitrary IRC command execution as the bridge IRC bot. The vulnerability has been patched in matrix-appservice-irc version 3.0.3."}, {"lang": "es", "value": "matrix-appservice-irc es un puente IRC de Node.js para el protocolo de mensajer\u00eda Matrix. La API de aprovisionamiento del puente matrix-appservice-irc hasta la versi\u00f3n 3.0.2 contiene una vulnerabilidad que puede provocar la ejecuci\u00f3n arbitraria de comandos IRC como bot de puente IRC. La vulnerabilidad ha sido corregida en la versi\u00f3n 3.0.3 de matrix-appservice-irc."}], "lastModified": "2024-11-15T13:58:08.913", "sourceIdentifier": "security-advisories@github.com"}