CVE-2021-29432Improper Input Validation in Sydent

CWE-20Improper Input Validation5 documents4 sources
Severity
5.7MEDIUMNVD
CNA5.3
EPSS
0.3%
top 51.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Matrix-org SydentMatrix Sydent
Timeline
PublishedApr 15
Latest updateApr 19

Description

Sydent is a reference matrix identity server. A malicious user could abuse Sydent to send out arbitrary emails from the Sydent email address. This could be used to construct plausible phishing emails, for example. This issue has been fixed in 4469d1d.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:NExploitability: 2.1 | Impact: 3.6

Affected Packages2 packages

NVDmatrix/sydent< 2.3.0
CVEListV5matrix-org/sydent< 2.3.0

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

4
OSV
Malicious users could abuse Sydent to control the content of invitation emails2021-04-19
GHSA
Malicious users could abuse Sydent to control the content of invitation emails2021-04-19
CVEList
Malicious users could control the content of invitation emails2021-04-15
OSV
CVE-2021-29432: Sydent is a reference matrix identity server2021-04-15
CVE-2021-29432 — Improper Input Validation in Sydent | cvebase