7 matches found
CVE-2019-11340
CVE-2019-11340 stems from Matrix Sydent’s pre-1.0.2 email-domain registration checks, where Python’s email parsing edge-case allows an address like [email protected]@good.example.com to bypass restrictions because email.utils.parseaddr can return the wrong substring. The issue is tied to the e...
CVE-2021-29431
Sydent (Matrix identity server) is affected by a SSRF issue caused by missing validation of hostnames, allowing the server to be induced to issue HTTP GETs to internal systems. The impact is described as not enabling data exfiltration or control of request headers, but it may enable internal port...
CVE-2021-29430
CVE-2021-29430 affects Sydent, the Matrix identity server. The issue allows memory exhaustion/DoS because HTTP requests can have unbounded body sizes and responses from remote homeservers can be very large. The vulnerability impacts servers handling untrusted registration requests. Patched releas...
CVE-2021-29432
Sydent (Matrix identity server) has a vulnerability where a malicious user could abuse Sydent to send arbitrary emails from the Sydent address, enabling plausible phishing emails. Root cause details are not deeply disclosed in the provided documents, but the issue has been fixed in commit 4469d1d...
CVE-2021-29433
CVE-2021-29433 affects Sydent (Matrix identity server) for versions 2.2.0 and earlier, where insufficient input validation on endpoints used to confirm third-party identifiers could cause excessive disk space and memory use, leading to resource exhaustion. A fix is available in version 2.3.0; no ...
CVE-2019-11842
Affected products: Matrix Sydent < 1.0.3 and Matrix Synapse
CVE-2023-38686
Sydent (Matrix Identity Server) is affected pre-2.5.6: when configured to send emails via TLS, it does not verify SMTP server certificates, enabling MITM interception of invitation and address-confirmation emails by an attacker with network access. Root cause: failure to verify TLS SMTP certifica...