Vulnerability Description
Sydent is a reference matrix identity server. A malicious user could abuse Sydent to send out arbitrary emails from the Sydent email address. This could be used to construct plausible phishing emails, for example. This issue has been fixed in 4469d1d.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Matrix | Sydent | < 2.3.0 |
Related Weaknesses (CWE)
References
- https://github.com/matrix-org/sydent/commit/4469d1d42b2b1612b70638224c07e1962303PatchThird Party Advisory
- https://github.com/matrix-org/sydent/releases/tag/v2.3.0Release NotesThird Party Advisory
- https://github.com/matrix-org/sydent/security/advisories/GHSA-mh74-4m5g-fcjxPatchThird Party Advisory
- https://pypi.org/project/matrix-sydent/ProductThird Party Advisory
- https://github.com/matrix-org/sydent/commit/4469d1d42b2b1612b70638224c07e1962303PatchThird Party Advisory
- https://github.com/matrix-org/sydent/releases/tag/v2.3.0Release NotesThird Party Advisory
- https://github.com/matrix-org/sydent/security/advisories/GHSA-mh74-4m5g-fcjxPatchThird Party Advisory
- https://pypi.org/project/matrix-sydent/ProductThird Party Advisory
FAQ
What is CVE-2021-29432?
CVE-2021-29432 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Sydent is a reference matrix identity server. A malicious user could abuse Sydent to send out arbitrary emails from the Sydent email address. This could be used to construct plausible phishing emails,...
How severe is CVE-2021-29432?
CVE-2021-29432 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-29432?
Check the references section above for vendor advisories and patch information. Affected products include: Matrix Sydent.