Sydent Security Vulnerabilities and Issues — Sydent CVE List

Lucene search

MatrixSydent

4 matches found

CVE•added 2021/04/15 9:15 p.m.•98 views

CVE-2021-29431

Sydent is a reference Matrix identity server. Sydent can be induced to send HTTP GET requests to internal systems, due to lack of parameter validation or IP address blacklisting. It is not possible to exfiltrate data or control request headers, but it might be possible to use the attack to perform ...

7.7CVSS6.5AI score0.00303EPSS

CVE•added 2021/04/15 9:15 p.m.•85 views

CVE-2021-29432

Sydent is a reference matrix identity server. A malicious user could abuse Sydent to send out arbitrary emails from the Sydent email address. This could be used to construct plausible phishing emails, for example. This issue has been fixed in 4469d1d.

5.7CVSS5.3AI score0.0025EPSS

CVE•added 2021/04/15 9:15 p.m.•80 views

CVE-2021-29430

Sydent is a reference Matrix identity server. Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to memory exhaustion and denial of service. Sydent also does not limit response size for requests it ma...

7.5CVSS7.3AI score0.01367EPSS

CVE•added 2021/04/15 6:15 p.m.•80 views

CVE-2021-29433

Sydent is a reference Matrix identity server. In Sydent versions 2.2.0 and prior, sissing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. A patch for the vulnerability is ...

4.3CVSS4.4AI score0.00281EPSS