CVE-2019-11340

Опубликовано: 19 апр. 2019

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registration restrictions that are based on e-mail domain, if the allowed_local_3pids option is enabled. This occurs because of potentially unwanted behavior in Python, in which an email.utils.parseaddr call on user@bad.example.net@good.example.com returns the user@bad.example.net substring.

Ссылки

https://github.com/matrix-org/sydent/commit/4e1cfff53429c49c87d5c457a18ed435520044fc
Patch
Third Party Advisory
https://github.com/matrix-org/sydent/compare/7c002cd...09278fb
Patch
Third Party Advisory
https://matrix.org/blog/2019/04/18/security-update-sydent-1-0-2/
Release Notes
Vendor Advisory
https://twitter.com/matrixdotorg/status/1118934335963500545
Third Party Advisory
https://github.com/matrix-org/sydent/commit/4e1cfff53429c49c87d5c457a18ed435520044fc
Patch
Third Party Advisory
https://github.com/matrix-org/sydent/compare/7c002cd...09278fb
Patch
Third Party Advisory
https://matrix.org/blog/2019/04/18/security-update-sydent-1-0-2/
Release Notes
Vendor Advisory
https://twitter.com/matrixdotorg/status/1118934335963500545
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:matrix:sydent:*:*:*:*:*:*:*:*

Версия до 1.0.2 (исключая)

EPSS

Процентиль: 71%

0.00691

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2019-11340

CVSS3: 5.9

debian

почти 7 лет назад

util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registrati ...

GHSA-q9h8-gpw5-c95c

CVSS3: 5.9

github

больше 3 лет назад

Matrix Sydent mishandles emails

EPSS

Процентиль: 71%

0.00691

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-20