Executive Summary

Information

Name : CVE-2019-11340
Vendor : Cve
First vendor Publication : 2019-04-19
Last vendor Modification : 2019-04-22

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score : 4.3
Cvss Impact Score : 2.9
Cvss Exploit Score : 8.6
Attack Range : Network
Attack Complexity : Medium
Authentication : None Required

Detail

util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registration restrictions that are based on e-mail domain, if the allowed_local_3pids option is enabled. This occurs because of potentially unwanted behavior in Python, in which an email.utils.parseaddr call on user@bad.example.net@good.example.com returns the user@bad.example.net substring.
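The parsing mismatch described above can be guarded against by validating the raw string strictly and refusing any input that the parser would rewrite. The following is an added example, not Sydent's code or the upstream fix; ALLOWED_DOMAINS, naive_allowed, split_strict and registration_allowed are hypothetical names, and the suffix check is an assumed form of a domain restriction.

```python
from email.utils import parseaddr

# Hypothetical allow-list for this example (not Sydent's configuration format).
ALLOWED_DOMAINS = {"good.example.com"}


def naive_allowed(raw, allowed=ALLOWED_DOMAINS):
    """Weak form (assumed): policy looks only at the end of the raw string."""
    return any(raw.lower().endswith("@" + d) for d in allowed)


def split_strict(raw):
    """Return (local, domain), or None if raw is not a bare address.

    Rejects what a lenient parser could reinterpret: display names,
    comments, whitespace, quoting, and more or fewer than one '@'.
    """
    if not isinstance(raw, str) or not raw.isascii():
        return None
    if any(c.isspace() or c in '<>(),;:"\\' for c in raw):
        return None
    if raw.count("@") != 1:
        return None
    local, domain = raw.split("@")
    if not local or not domain or domain.startswith(".") or domain.endswith("."):
        return None
    return local, domain.lower()


def registration_allowed(raw, allowed=ALLOWED_DOMAINS):
    """Allow only when the string checked is the string mail is sent to."""
    parts = split_strict(raw)
    if parts is None:
        return False
    # Round-trip guard: if the library parser hands back a different address
    # than the one validated, policy and delivery have diverged, so refuse.
    if parseaddr(raw)[1] != raw:
        return False
    return parts[1] in allowed


if __name__ == "__main__":
    # Constructed samples; the second is the string from the description.
    for s in ["alice@good.example.com",
              "user@bad.example.net@good.example.com",
              "Alice <alice@good.example.com>"]:
        print(s, naive_allowed(s), registration_allowed(s))
```

The round-trip guard does not depend on what parseaddr returns for the malformed input, only on whether it differs from the string that was validated.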

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11340

CWE : Common Weakness Enumeration

% : 100 %
Id : CWE-20
Name : Improper Input Validation

CPE : Common Platform Enumeration

Type : Application
Count : 2

Sources (Detail)

Source : MISC
Url : https://github.com/matrix-org/sydent/commit/4e1cfff53429c49c87d5c457a18ed4355...
Url : https://github.com/matrix-org/sydent/compare/7c002cd...09278fb
Url : https://matrix.org/blog/2019/04/18/security-update-sydent-1-0-2/
Url : https://twitter.com/matrixdotorg/status/1118934335963500545

Alert History

Date : Information
2019-04-23 17:19:03 : Multiple Updates
2019-04-22 21:19:18 : Multiple Updates
2019-04-19 21:19:28 : First insertion