What is CVE-2019-11340?

CVE-2019-11340 is a vulnerability in Matrix Sydent before version 1.0.2 that mishandles registration restrictions based on e-mail domain, if the allowed_local_3pids option is enabled.

How does CVE-2019-11340 occur?

The vulnerability occurs due to potentially unwanted behavior in Python, where an email.utils.parseaddr call on user@bad.example.net@good.example.net results in mishandling of registration restrictions.

What is the severity of CVE-2019-11340?

The severity of CVE-2019-11340 is medium with a CVSS score of 5.9.

How can I fix CVE-2019-11340?

To fix CVE-2019-11340, upgrade Matrix Sydent to version 1.0.2 or above.

Where can I find more information about CVE-2019-11340?

You can find more information about CVE-2019-11340 at the following references: [NVD](https://nvd.nist.gov/vuln/detail/CVE-2019-11340), [GitHub Commit](https://github.com/matrix-org/sydent/commit/4e1cfff53429c49c87d5c457a18ed435520044fc), [GitHub Compare](https://github.com/matrix-org/sydent/compare/7c002cd...09278fb).

Vulnerability/
CVE-2019-11340

medium

5.9

CWE

19/4/2019

24/5/2022

4/8/2024

CVE-2019-11340: Input Validation

First published: Fri Apr 19 2019(Updated: )

util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registration restrictions that are based on e-mail domain, if the allowed_local_3pids option is enabled. This occurs because of potentially unwanted behavior in Python, in which an email.utils.parseaddr call on user@bad.example.net@good.example.com returns the user@bad.example.net substring.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Matrix Sydent	<1.0.2

Remedy

https://github.com/matrix-org/sydent/commit/4e1cfff53429c49c87d5c457a18ed435520044fc

Remedy

https://github.com/matrix-org/sydent/compare/7c002cd...09278fb

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2019-11340?
CVE-2019-11340 is a vulnerability in Matrix Sydent before version 1.0.2 that mishandles registration restrictions based on e-mail domain, if the allowed_local_3pids option is enabled.
How does CVE-2019-11340 occur?
The vulnerability occurs due to potentially unwanted behavior in Python, where an email.utils.parseaddr call on user@bad.example.net@good.example.net results in mishandling of registration restrictions.
What is the severity of CVE-2019-11340?
The severity of CVE-2019-11340 is medium with a CVSS score of 5.9.
How can I fix CVE-2019-11340?
To fix CVE-2019-11340, upgrade Matrix Sydent to version 1.0.2 or above.
Where can I find more information about CVE-2019-11340?
You can find more information about CVE-2019-11340 at the following references: [NVD](https://nvd.nist.gov/vuln/detail/CVE-2019-11340), [GitHub Commit](https://github.com/matrix-org/sydent/commit/4e1cfff53429c49c87d5c457a18ed435520044fc), [GitHub Compare](https://github.com/matrix-org/sydent/compare/7c002cd...09278fb).

collector/github-advisory-latest
alias/GHSA-q9h8-gpw5-c95c
alias/CVE-2019-11340
collector/github-advisory
collector/nvd-index
collector/nvd-cve
agent/type
agent/author
agent/references
agent/remedy
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/weakness
agent/first-publish-date
agent/event
agent/description
agent/trending
agent/tags
agent/source
package-manager/pip
vendor/matrix
canonical/matrix sydent

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.