Every CVE whose affected-product data names Matrix Sydent, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2023-38686 — CVSS 9.3 (critical): Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent…
CVE-2021-29431 — CVSS 7.7 (high): Sydent is a reference Matrix identity server. Sydent can be induced to send HTTP GET requests to internal systems, due to lack of parameter…
CVE-2021-29430 — CVSS 7.5 (high): Sydent is a reference Matrix identity server. Sydent does not limit the size of requests it receives from HTTP clients. A malicious user…
CVE-2019-11842 — CVSS 7.5 (high): An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it…
CVE-2019-11340 — CVSS 5.9 (medium): util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registration restrictions that are based on e-mail domain, if the…
CVE-2021-29432 — CVSS 5.3 (medium): Sydent is a reference matrix identity server. A malicious user could abuse Sydent to send out arbitrary emails from the Sydent email…
CVE-2021-29433 — CVSS 4.3 (medium): Sydent is a reference Matrix identity server. In Sydent versions 2.2.0 and prior, sissing input validation of some parameters on the…