CVE-2021-32659
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-32659
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32659.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-32659
- Aliases
- Related
- Published
- 2021-06-16T19:15:38.830Z
- Modified
- 2025-11-14T11:55:25.287440Z
- Severity
-
- 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Matrix-appservice-bridge is the bridging service for the Matrix communication program's application services. In versions 2.6.0 and earlier, if a bridge has room upgrade handling turned on in the configuration (the
roomUpgradeOptskey when instantiating a newBridgeinstance.), anym.room.tombstoneevent it encounters will be used to unbridge the current room and bridge into the target room. However, the target roomm.room.createevent is not checked to verify if thepredecessorfield contains the previous room. This means that any malicious admin of a bridged room can repoint the traffic to a different room without the new room being aware. Versions 2.6.1 and greater are patched. As a workaround, disabling the automatic room upgrade handling can be done by removing theroomUpgradeOptskey from theBridgeclass options. - References
Affected packages
Git / github.com/matrix-org/matrix-appservice-bridge
Affected ranges
- Type
- GIT
- Repo
- https://github.com/matrix-org/matrix-appservice-bridge
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed