Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1oNzQtNG01Zy1mY2p4

Malicious users could abuse Sydent to control the content of invitation emails

Impact

A malicious user could abuse Sydent's invitation email flow to send emails with content they control from the Sydent sending address. Because such messages come from the identity server's legitimate address, this could be used to construct plausible phishing emails, for example.
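The flaw class behind this advisory is user-controlled fields (such as who is inviting and to which room) being placed into an outgoing invitation email without escaping or length limits. The following is an added illustration, not Sydent's code and not the patched templates: the template, the sample inviter/room values and the phishing payload are all constructed for the example, and the hardened renderer shows the kind of checks a fix of this class applies (HTML escaping, stripping line breaks that could reach mail headers, capping field length).

```python
"""Added illustration of user-controlled fields flowing into an invitation
email. Not Sydent's code; the template, field names and inputs are constructed."""
import html
import re

# Constructed HTML invitation template. {inviter} and {room} are filled from
# values the inviting (untrusted) user supplies; {link} is server-generated.
INVITE_TEMPLATE_HTML = (
    "<p>{inviter} has invited you to join <b>{room}</b>.</p>"
    '<p><a href="{link}">Accept invitation</a></p>'
)

# Constructed legitimate values.
INVITER = "Alice"
LINK = "https://id.example.org/accept?token=abc123"  # assumed server-side link

# Constructed malicious "room name": it closes the template's tags early and
# injects its own phishing paragraph and link into the email body.
MALICIOUS_ROOM_NAME = (
    '</b>.</p><p>Your password has expired. '
    '<a href="https://phish.example/login">Reset it now</a><b>'
)

MAX_FIELD_LEN = 64  # assumed cap on any user-supplied display field


def render_vulnerable(inviter: str, room: str, link: str) -> str:
    """Pre-fix pattern: substitute user-controlled fields verbatim."""
    return INVITE_TEMPLATE_HTML.format(inviter=inviter, room=room, link=link)


def sanitise_field(value: str) -> str:
    """Neutralise a user-supplied display field before it reaches the email.

    - CR/LF/TAB are collapsed so the value cannot break into mail headers or
      add fake lines if the same field is also used in a plaintext part.
    - The length is capped so an attacker cannot paste a whole fake email.
    - HTML metacharacters are escaped so no markup or links are injected.
    """
    value = re.sub(r"[\r\n\t]+", " ", value)
    value = value[:MAX_FIELD_LEN]
    return html.escape(value, quote=True)


def render_hardened(inviter: str, room: str, link: str) -> str:
    """Post-fix pattern: every user-controlled field passes through sanitise_field."""
    return INVITE_TEMPLATE_HTML.format(
        inviter=sanitise_field(inviter),
        room=sanitise_field(room),
        link=html.escape(link, quote=True),
    )


def extract_hrefs(rendered: str) -> list:
    """Return every href present in the rendered email body."""
    return re.findall(r'href="([^"]*)"', rendered)


def contains_injected_link(rendered: str, trusted_link: str) -> bool:
    """True if the email carries any link other than the server's own one."""
    return any(h != trusted_link for h in extract_hrefs(rendered))


if __name__ == "__main__":
    bad = render_vulnerable(INVITER, MALICIOUS_ROOM_NAME, LINK)
    good = render_hardened(INVITER, MALICIOUS_ROOM_NAME, LINK)
    print("vulnerable rendering carries injected link:", contains_injected_link(bad, LINK))
    print("hardened rendering carries injected link:  ", contains_injected_link(good, LINK))
```

The check a deployer can reuse from this is `contains_injected_link`: run it over the body your own templates produce for a hostile room name or display name, and any link that is not the server-generated one means user content is still reaching the email unescaped.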

Patches

Fixed in commits 4469d1d, 6b405a8 and 65a6e91, released in matrix-sydent 2.3.0.

Note that these patches include changes to the default email templates. If you have locally modified these templates, you must apply the corresponding changes to your copies as well; upgrading the package alone does not fix a deployment that still renders the old templates.

For more information

If you have any questions or comments about this advisory, email us at [email protected].

Permalink: https://github.com/advisories/GHSA-mh74-4m5g-fcjx
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1oNzQtNG01Zy1mY2p4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 3 years ago
Updated: over 1 year ago


CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Identifiers: GHSA-mh74-4m5g-fcjx, CVE-2021-29432
References: Repository: https://github.com/matrix-org/sydent
Blast Radius: 0.0

Affected Packages

pypi:matrix-sydent
Dependent packages: 0
Dependent repositories: 1
Downloads: 129 last month
Affected Version Ranges: < 2.3.0
Fixed in: 2.3.0
All affected versions: 2.0.0, 2.0.1, 2.1.0, 2.2.0
All unaffected versions: 2.3.0, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.5.6, 2.6.0, 2.6.1