[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249461

 
 

909

 
 

195508

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2019-11340Date: (C)2019-04-23   (M)2024-04-19


util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registration restrictions that are based on e-mail domain, if the allowed_local_3pids option is enabled. This occurs because of potentially unwanted behavior in Python, in which an email.utils.parseaddr call on user@bad.example.net@good.example.com returns the user@bad.example.net substring.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 5.9CVSS Score : 4.3
Exploit Score: 2.2Exploit Score: 8.6
Impact Score: 3.6Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: HIGHAccess Complexity: MEDIUM
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: NONE
Scope: UNCHANGEDIntegrity: PARTIAL
Confidentiality: NONEAvailability: NONE
Integrity: HIGH 
Availability: NONE 
  
Reference:
https://github.com/matrix-org/sydent/commit/4e1cfff53429c49c87d5c457a18ed435520044fc
https://github.com/matrix-org/sydent/compare/7c002cd...09278fb
https://matrix.org/blog/2019/04/18/security-update-sydent-1-0-2/
https://twitter.com/matrixdotorg/status/1118934335963500545

CWE    1
CWE-20
OVAL    1
oval:org.secpod.oval:def:2105460

© SecPod Technologies