CVE-2021-29431

🗓️ 15 Apr 2021 21:00:16Reported by GitHub_MType

cve🔗 web.nvd.nist.gov📰️ 5 Media mentions👁 106 Views

Sydent server allows HTTP GET requests to internal systems without parameter validation leading to potential internal port enumeration

Reporter	Title	Published	Views	Family All 12
CNNVD	Matrix Sydent 代码问题漏洞	15 Apr 202100:00	–	cnnvd
Cvelist	CVE-2021-29431 SSRF in Sydent due to missing validation of hostnames	15 Apr 202121:00	–	cvelist
Debian CVE	CVE-2021-29431	15 Apr 202121:00	–	debiancve
EUVD	EUVD-2021-0120	7 Oct 202500:30	–	euvd
Github Security Blog	SSRF in Sydent due to missing validation of hostnames	19 Apr 202114:54	–	github
NVD	CVE-2021-29431	15 Apr 202121:15	–	nvd
OSV	GHSA-9JHM-8M8C-C3F4 SSRF in Sydent due to missing validation of hostnames	19 Apr 202114:54	–	osv
OSV	PYSEC-2021-22	15 Apr 202121:15	–	osv
Prion	Design/Logic Flaw	15 Apr 202121:15	–	prion
PyPA	PYSEC-2021-22	15 Apr 202121:15	–	pypa

NVD

Vulners

Node

matrix sydentRange<2.3.0

[
  {
    "product": "sydent",
    "vendor": "matrix-org",
    "versions": [
      {
        "status": "affected",
        "version": "< 2.3.0"
      }
    ]
  }
]

Source	Link
github	www.github.com/matrix-org/sydent/releases/tag/v2.3.0
github	www.github.com/matrix-org/sydent/commit/3d531ed50d2fd41ac387f36d44d3fb2c62dd22d3
github	www.github.com/matrix-org/sydent/commit/0f00412017f25619bc36c264b29ea96808bf310a
pypi	www.pypi.org/project/matrix-sydent/
github	www.github.com/matrix-org/sydent/security/advisories/GHSA-9jhm-8m8c-c3f4
github	www.github.com/matrix-org/sydent/commit/8936925f561b0c352c2fa922d5097d7245aad00a
github	www.github.com/matrix-org/sydent/commit/9e573348d81df8191bbe8c266c01999c9d57cd5f

21 Nov 2024 06:01Current

6.5Medium risk

Vulners AI Score6.5

CVSS 24

CVSS 3.16.5 - 7.7

EPSS0.00303