CVE-2021-29431

Sydent is a reference Matrix identity server. Sydent can be induced to send HTTP GET requests to internal systems, due to lack of parameter validation or IP address blacklisting. It is not possible to exfiltrate data or control request headers, but it might be possible to use the attack to perfor...

CVE-2021-29433

Sydent is a reference Matrix identity server. In Sydent versions 2.2.0 and prior, sissing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. A patch for the vulnerability i...

PYSEC-2021-21

Sydent is a reference Matrix identity server. Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to memory exhaustion and denial of service. Sydent also does not limit response size for requests it...

Matrix Sydent 输入验证错误漏洞

Matrix Sydent is an implementation of the Matrix Authentication Server API from the Matrix.org Foundation in the UK. Sydent suffers from a security vulnerability that can be exploited by an attacker to send arbitrary e-mail from a Sydent e-mail address...

PT-2021-18208 · Sydent · Sydent

Name of the Vulnerable Software and Affected Versions: Sydent versions prior to 4469d1d Description: A malicious user could abuse Sydent to send out arbitrary emails from the Sydent email address, potentially constructing plausible phishing emails. Recommendations: For versions prior to 4469d1d,...