CVE-2021-29431Improper Input Validation in Sydent

CWE-20Improper Input ValidationCWE-918Server-Side Request Forgery5 documents4 sources
Severity
6.5MEDIUMNVD
CNA7.7
EPSS
0.3%
top 46.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Matrix-org SydentMatrix Sydent
Timeline
PublishedApr 15
Latest updateApr 19

Description

Sydent is a reference Matrix identity server. Sydent can be induced to send HTTP GET requests to internal systems, due to lack of parameter validation or IP address blacklisting. It is not possible to exfiltrate data or control request headers, but it might be possible to use the attack to perform an internal port enumeration. This issue has been addressed in in 9e57334, 8936925, 3d531ed, 0f00412. A potential workaround would be to use a firewall to ensure that Sydent cannot reach internal HTTP

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDmatrix/sydent< 2.3.0
CVEListV5matrix-org/sydent< 2.3.0

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

4
OSV
SSRF in Sydent due to missing validation of hostnames2021-04-19
GHSA
SSRF in Sydent due to missing validation of hostnames2021-04-19
CVEList
SSRF in Sydent due to missing validation of hostnames2021-04-15
OSV
CVE-2021-29431: Sydent is a reference Matrix identity server2021-04-15
CVE-2021-29431 — Improper Input Validation in Sydent | cvebase