CVE-2023-38686 – Sydent does not verify email server certificates
https://notcve.org/view.php?id=CVE-2023-38686
Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with privileged access to the network can intercept room invitations and address confirmation emails. This is patched in Sydent 2.5.6. • https://docs.python.org/3/library/ssl.html?highlight=ssl#security-considerations https://github.com/matrix-org/sydent/commit/1cd748307c6b168b66154e6c4db715d4b9551261 https://github.com/matrix-org/sydent/pull/574 https://github.com/matrix-org/sydent/releases/tag/v2.5.6 https://github.com/matrix-org/sydent/security/advisories/GHSA-p6hw-wm59-3g5g https://github.com/python/cpython/issues/91826 https://peps.python.org/pep-0476 • CWE-295: Improper Certificate Validation •
CVE-2021-29431 – SSRF in Sydent due to missing validation of hostnames
https://notcve.org/view.php?id=CVE-2021-29431
Sydent is a reference Matrix identity server. Sydent can be induced to send HTTP GET requests to internal systems, due to lack of parameter validation or IP address blacklisting. It is not possible to exfiltrate data or control request headers, but it might be possible to use the attack to perform an internal port enumeration. This issue has been addressed in 9e57334, 8936925, 3d531ed, 0f00412. A potential workaround would be to use a firewall to ensure that Sydent cannot reach internal HTTP resources. • https://github.com/matrix-org/sydent/commit/0f00412017f25619bc36c264b29ea96808bf310a https://github.com/matrix-org/sydent/commit/3d531ed50d2fd41ac387f36d44d3fb2c62dd22d3 https://github.com/matrix-org/sydent/commit/8936925f561b0c352c2fa922d5097d7245aad00a https://github.com/matrix-org/sydent/commit/9e573348d81df8191bbe8c266c01999c9d57cd5f https://github.com/matrix-org/sydent/releases/tag/v2.3.0 https://github.com/matrix-org/sydent/security/advisories/GHSA-9jhm-8m8c-c3f4 https://pypi.org/project/matrix-sydent • CWE-20: Improper Input Validation CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2021-29432 – Malicious users could control the content of invitation emails
https://notcve.org/view.php?id=CVE-2021-29432
Sydent is a reference Matrix identity server. A malicious user could abuse Sydent to send out arbitrary emails from the Sydent email address. This could be used to construct plausible phishing emails, for example. This issue has been fixed in 4469d1d. • https://github.com/matrix-org/sydent/commit/4469d1d42b2b1612b70638224c07e19623039c42 https://github.com/matrix-org/sydent/releases/tag/v2.3.0 https://github.com/matrix-org/sydent/security/advisories/GHSA-mh74-4m5g-fcjx https://pypi.org/project/matrix-sydent • CWE-20: Improper Input Validation •
CVE-2021-29430 – Denial of service attack via memory exhaustion
https://notcve.org/view.php?id=CVE-2021-29430
Sydent is a reference Matrix identity server. Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to memory exhaustion and denial of service. Sydent also does not limit response size for requests it makes to remote Matrix homeservers. A malicious homeserver could return a very large response, again leading to memory exhaustion and denial of service. • https://github.com/matrix-org/sydent/commit/0523511d2fb40f2738f8a8549868f44b96e5dab7 https://github.com/matrix-org/sydent/commit/89071a1a754c69a50deac89e6bb74002d4cda19d https://github.com/matrix-org/sydent/commit/f56eee315b6c44fdd9f6aa785cc2ec744a594428 https://github.com/matrix-org/sydent/releases/tag/v2.3.0 https://github.com/matrix-org/sydent/security/advisories/GHSA-wmg4-8cp2-hpg9 https://pypi.org/project/matrix-sydent • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2021-29433 – Denial of service (via resource exhaustion) due to improper input validation
https://notcve.org/view.php?id=CVE-2021-29433
Sydent is a reference Matrix identity server. In Sydent versions 2.2.0 and prior, missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory, leading to resource exhaustion. A patch for the vulnerability is in version 2.3.0. No workarounds are known to exist. • https://github.com/matrix-org/sydent/commit/3175fd358ebc2c310eab7a3dbf296ce2bd54c1da https://github.com/matrix-org/sydent/security/advisories/GHSA-pw4v-gr34-2553 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •