Home > Vulnerability Database > CVE-2021-29432

Mend.io Vulnerability Database

CVE-2021-29432

Good to know:

Date: April 15, 2021

Sydent is a reference matrix identity server. A malicious user could abuse Sydent to send out arbitrary emails from the Sydent email address. This could be used to construct plausible phishing emails, for example. This issue has been fixed in 4469d1d.

Language: Python

Severity Score

5.3

Related Resources (8)

Url: https://github.com/matrix-org/sydent/security/advisories/GHSA-mh74-4m5g-fcjx

Url: https://github.com/pypa/advisory-database/tree/main/vulns/matrix-sydent/PYSEC-2021-23.yaml

Url: https://pypi.org/project/matrix-sydent/

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-29432

Url: https://pypi.org/project/matrix-sydent

Url: https://github.com/matrix-org/sydent/releases/tag/v2.3.0

Url: https://github.com/matrix-org/sydent/commit/4469d1d42b2b1612b70638224c07e19623039c42

Url: https://www.mend.io/vulnerability-database/CVE-2021-29432

Severity Score

5.3

Weakness Type (CWE)

Input Validation

CWE-20

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version matrix-sydent - 2.3.0

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	3.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-29432

Good to know:

Date: April 15, 2021

Language: Python

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?