CVE-2021-29432

Published: Apr 15, 2021Modified: Nov 21, 2024

5.7

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

Exploitability: 2.1 / Impact: 3.6

Source: NVD

Description

Sydent is a reference matrix identity server. A malicious user could abuse Sydent to send out arbitrary emails from the Sydent email address. This could be used to construct plausible phishing emails, for example. This issue has been fixed in 4469d1d.

Affected (1)

Products: Matrix: Sydent

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Matrix Sydent	Before 2.3.0

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (8)

https://github.com/matrix-org/sydent/commit/4469d1d42b2b1612b70638224c07e19623039c42

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/matrix-org/sydent/releases/tag/v2.3.0

Source: security-advisories@github.com

Release NotesThird Party Advisory

https://github.com/matrix-org/sydent/security/advisories/GHSA-mh74-4m5g-fcjx

Source: security-advisories@github.com

PatchThird Party Advisory

https://pypi.org/project/matrix-sydent/

Source: security-advisories@github.com

ProductThird Party Advisory

https://github.com/matrix-org/sydent/commit/4469d1d42b2b1612b70638224c07e19623039c42

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/matrix-org/sydent/releases/tag/v2.3.0

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://github.com/matrix-org/sydent/security/advisories/GHSA-mh74-4m5g-fcjx

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://pypi.org/project/matrix-sydent/

Source: af854a3a-2127-422b-91ae-364da2661108

ProductThird Party Advisory

Timeline

No history available yet.