CVE-2019-11340

Published: Apr 19, 2019Modified: Nov 21, 2024

5.9

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registration restrictions that are based on e-mail domain, if the allowed_local_3pids option is enabled. This occurs because of potentially unwanted behavior in Python, in which an email.utils.parseaddr call on user@bad.example.net@good.example.com returns the user@bad.example.net substring.

Affected (1)

Products: Matrix: Sydent

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Matrix Sydent	Before 1.0.2

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (8)

https://github.com/matrix-org/sydent/commit/4e1cfff53429c49c87d5c457a18ed435520044fc

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/matrix-org/sydent/compare/7c002cd...09278fb

Source: cve@mitre.org

PatchThird Party Advisory

https://matrix.org/blog/2019/04/18/security-update-sydent-1-0-2/

Source: cve@mitre.org

Release NotesVendor Advisory

https://twitter.com/matrixdotorg/status/1118934335963500545

Source: cve@mitre.org

Third Party Advisory

https://github.com/matrix-org/sydent/commit/4e1cfff53429c49c87d5c457a18ed435520044fc

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/matrix-org/sydent/compare/7c002cd...09278fb

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://matrix.org/blog/2019/04/18/security-update-sydent-1-0-2/

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://twitter.com/matrixdotorg/status/1118934335963500545

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.