Sydent Security Vulnerabilities and Issues — Sydent CVE List

Lucene search

MatrixSydent

3 matches found

CVE•added 2021/04/15 9:15 p.m.•98 views

CVE-2021-29431

Sydent is a reference Matrix identity server. Sydent can be induced to send HTTP GET requests to internal systems, due to lack of parameter validation or IP address blacklisting. It is not possible to exfiltrate data or control request headers, but it might be possible to use the attack to perform ...

7.7CVSS6.5AI score0.00303EPSS

CVE•added 2021/04/15 9:15 p.m.•80 views

CVE-2021-29430

Sydent is a reference Matrix identity server. Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to memory exhaustion and denial of service. Sydent also does not limit response size for requests it ma...

7.5CVSS7.3AI score0.01367EPSS

CVE•added 2019/05/09 6:29 p.m.•67 views

CVE-2019-11842

An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID.

7.5CVSS7.5AI score0.00535EPSS