First published: Thu Apr 15 2021
### Impact

A malicious user could abuse Sydent to send out arbitrary emails from the Sydent email address. This could be used to construct plausible phishing emails, for example.

### Patches

Fixed in 4469d1d, 6b405a8, 65a6e91.

Note that these patches include changes to the *default* email templates. If these templates have been locally modified, they must also be updated.

### For more information

If you have any questions or comments about this advisory, email us at security@matrix.org.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Matrix Sydent | <2.3.0 | |
pip/matrix-sydent | <2.3.0 | 2.3.0 |
The vulnerability ID for this issue is CVE-2021-29432.
Sydent is a reference Matrix identity server.
A malicious user could construct plausible phishing emails using the vulnerability.
This vulnerability has been fixed in version 2.3.0 of Sydent (commit 4469d1d).