Sydent is a reference matrix identity server. A malicious user could abuse Sydent to send out arbitrary emails from the Sydent email address. This could be used to construct plausible phishing emails, for example. This issue has been fixed in 4469d1d.
References
Link | Resource |
---|---|
https://github.com/matrix-org/sydent/commit/4469d1d42b2b1612b70638224c07e19623039c42 | Patch Third Party Advisory |
https://github.com/matrix-org/sydent/releases/tag/v2.3.0 | Release Notes Third Party Advisory |
https://github.com/matrix-org/sydent/security/advisories/GHSA-mh74-4m5g-fcjx | Patch Third Party Advisory |
https://pypi.org/project/matrix-sydent/ | Product Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2021-04-15T20:45:15
Updated: 2021-04-15T20:45:14
Reserved: 2021-03-30T00:00:00
Link: CVE-2021-29432
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-04-15T21:15:17.630
Modified: 2022-08-03T10:17:27.247
Link: CVE-2021-29432
JSON object: View
Redhat Information
No data.
CWE