Veracode Vulnerability DatabaseVERACODE:41951Improper Certificate Validation
9.3 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
0.001 Low
EPSS
Percentile
26.6%
matrix_sydent is vulnerable to Improper Certificate Validation. The vulnerability exists due to the misconfiguration of TLS in emailutils.py, which potentially allows an attacker to preform Man-in-the-Middle (MITM) attacks resulting in sensitive email disclosure.
| CPE | Name | Operator | Version |
|---|---|---|---|
| matrix-sydent | le | 2.5.5 | |
| matrix-sydent | le | 2.5.5 |
References
docs.python.org/3/library/ssl.html?highlight=ssl#security-considerations
github.com/advisories/GHSA-p6hw-wm59-3g5g
github.com/matrix-org/sydent/commit/1cd748307c6b168b66154e6c4db715d4b9551261
github.com/matrix-org/sydent/pull/574
github.com/matrix-org/sydent/releases/tag/v2.5.6
github.com/matrix-org/sydent/security/advisories/GHSA-p6hw-wm59-3g5g
github.com/python/cpython/issues/91826
peps.python.org/pep-0476/
Related
9.3 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
0.001 Low
EPSS
Percentile
26.6%