Published: 19/04/2019 Updated: 22/04/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

util/emailutils.py in Matrix Sydent prior to 1.0.2 mishandles registration restrictions that are based on e-mail domain, if the allowed_local_3pids option is enabled. This occurs because of potentially unwanted behavior in Python, in which an email.utils.parseaddr call on user@bad.example.net@good.example.com returns the user@bad.example.net substring.

Vulnerable Product	Search on Vulmon	Subscribe to Product
matrix sydent

Debian Bug report logs - #940901 python27: CVE-2019-16056 Package: src:python27; Maintainer for src:python27 is Matthias Klose <doko@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 21 Sep 2019 15:30:02 UTC Severity: important Tags: security, upstream Found in versions python27/271 ...

Critical Infrastructure Sectors: Critical Manufacturing

CWE-20 https://twitter.com/matrixdotorg/status/1118934335963500545 https://matrix.org/blog/2019/04/18/security-update-sydent-1-0-2/https://github.com/matrix-org/sydent/compare/7c002cd...09278fb https://github.com/matrix-org/sydent/commit/4e1cfff53429c49c87d5c457a18ed435520044fc https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940901 https://nvd.nist.gov https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-10

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-11340

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

References

Vulmon Search

About

Products

Connect