Lucene search
K
MatrixSydent

7 matches found

CVE
CVE
added 2019/04/19 1:35 p.m.252 views

CVE-2019-11340

CVE-2019-11340 stems from Matrix Sydent’s pre-1.0.2 email-domain registration checks, where Python’s email parsing edge-case allows an address like [email protected]@good.example.com to bypass restrictions because email.utils.parseaddr can return the wrong substring. The issue is tied to the e...

5.9CVSS6.3AI score0.01861EPSS
CVE
CVE
added 2021/04/15 9:0 p.m.113 views

CVE-2021-29431

Sydent (Matrix identity server) is affected by a SSRF issue caused by missing validation of hostnames, allowing the server to be induced to issue HTTP GETs to internal systems. The impact is described as not enabling data exfiltration or control of request headers, but it may enable internal port...

7.7CVSS6.5AI score0.01194EPSS
CVE
CVE
added 2021/04/15 8:35 p.m.103 views

CVE-2021-29430

CVE-2021-29430 affects Sydent, the Matrix identity server. The issue allows memory exhaustion/DoS because HTTP requests can have unbounded body sizes and responses from remote homeservers can be very large. The vulnerability impacts servers handling untrusted registration requests. Patched releas...

7.5CVSS7.3AI score0.01833EPSS
CVE
CVE
added 2021/04/15 8:45 p.m.100 views

CVE-2021-29432

Sydent (Matrix identity server) has a vulnerability where a malicious user could abuse Sydent to send arbitrary emails from the Sydent address, enabling plausible phishing emails. Root cause details are not deeply disclosed in the provided documents, but the issue has been fixed in commit 4469d1d...

5.7CVSS5.3AI score0.00934EPSS
CVE
CVE
added 2021/04/15 5:55 p.m.97 views

CVE-2021-29433

CVE-2021-29433 affects Sydent (Matrix identity server) for versions 2.2.0 and earlier, where insufficient input validation on endpoints used to confirm third-party identifiers could cause excessive disk space and memory use, leading to resource exhaustion. A fix is available in version 2.3.0; no ...

4.3CVSS4.4AI score0.00927EPSS
CVE
CVE
added 2019/05/09 5:6 p.m.84 views

CVE-2019-11842

Affected products: Matrix Sydent < 1.0.3 and Matrix Synapse

7.5CVSS7.5AI score0.0178EPSS
CVE
CVE
added 2023/08/04 3:57 p.m.78 views

CVE-2023-38686

Sydent (Matrix Identity Server) is affected pre-2.5.6: when configured to send emails via TLS, it does not verify SMTP server certificates, enabling MITM interception of invitation and address-confirmation emails by an attacker with network access. Root cause: failure to verify TLS SMTP certifica...

9.3CVSS6.9AI score0.00229EPSS