{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-38686", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-07-24T16:19:28.363Z", "datePublished": "2023-08-04T15:57:15.760Z", "dateUpdated": "2024-10-08T17:50:55.903Z"}, "containers": {"cna": {"title": "Sydent does not verify email server certificates", "problemTypes": [{"descriptions": [{"cweId": "CWE-295", "lang": "en", "description": "CWE-295: Improper Certificate Validation", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/matrix-org/sydent/security/advisories/GHSA-p6hw-wm59-3g5g", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/matrix-org/sydent/security/advisories/GHSA-p6hw-wm59-3g5g"}, {"name": "https://github.com/python/cpython/issues/91826", "tags": ["x_refsource_MISC"], "url": "https://github.com/python/cpython/issues/91826"}, {"name": "https://github.com/matrix-org/sydent/pull/574", "tags": ["x_refsource_MISC"], "url": "https://github.com/matrix-org/sydent/pull/574"}, {"name": "https://github.com/matrix-org/sydent/commit/1cd748307c6b168b66154e6c4db715d4b9551261", "tags": ["x_refsource_MISC"], "url": "https://github.com/matrix-org/sydent/commit/1cd748307c6b168b66154e6c4db715d4b9551261"}, {"name": "https://docs.python.org/3/library/ssl.html?highlight=ssl#security-considerations", "tags": ["x_refsource_MISC"], "url": "https://docs.python.org/3/library/ssl.html?highlight=ssl#security-considerations"}, {"name": "https://github.com/matrix-org/sydent/releases/tag/v2.5.6", "tags": ["x_refsource_MISC"], "url": "https://github.com/matrix-org/sydent/releases/tag/v2.5.6"}, {"name": "https://peps.python.org/pep-0476/", "tags": ["x_refsource_MISC"], "url": "https://peps.python.org/pep-0476/"}], "affected": [{"vendor": "matrix-org", "product": "sydent", "versions": [{"version": "< 2.5.6", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-08-04T15:57:15.760Z"}, "descriptions": [{"lang": "en", "value": "Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with privileged access to the network can intercept room invitations and address confirmation emails. This is patched in Sydent 2.5.6. When patching, make sure that Sydent trusts the certificate of the server it is connecting to. This should happen automatically when using properly issued certificates. Those who use self-signed certificates should make sure to copy their Certification Authority certificate, or their self signed certificate if using only one, to the trust store of your operating system. As a workaround, one can ensure Sydent's emails fail to send by setting the configured SMTP server to a loopback or non-routable address under one's control which does not have a listening SMTP server."}], "source": {"advisory": "GHSA-p6hw-wm59-3g5g", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:46:56.843Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/matrix-org/sydent/security/advisories/GHSA-p6hw-wm59-3g5g", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/matrix-org/sydent/security/advisories/GHSA-p6hw-wm59-3g5g"}, {"name": "https://github.com/python/cpython/issues/91826", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/python/cpython/issues/91826"}, {"name": "https://github.com/matrix-org/sydent/pull/574", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/matrix-org/sydent/pull/574"}, {"name": "https://github.com/matrix-org/sydent/commit/1cd748307c6b168b66154e6c4db715d4b9551261", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/matrix-org/sydent/commit/1cd748307c6b168b66154e6c4db715d4b9551261"}, {"name": "https://docs.python.org/3/library/ssl.html?highlight=ssl#security-considerations", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://docs.python.org/3/library/ssl.html?highlight=ssl#security-considerations"}, {"name": "https://github.com/matrix-org/sydent/releases/tag/v2.5.6", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/matrix-org/sydent/releases/tag/v2.5.6"}, {"name": "https://peps.python.org/pep-0476/", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://peps.python.org/pep-0476/"}]}, {"affected": [{"vendor": "matrix", "product": "sydent", "cpes": ["cpe:2.3:a:matrix:sydent:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "2.5.6", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-08T17:45:32.889405Z", "id": "CVE-2023-38686", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-08T17:50:55.903Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/matrix-org/sydent/security/advisories/GHSA-p6hw-wm59-3g5g", "name": "https://github.com/matrix-org/sydent/security/advisories/GHSA-p6hw-wm59-3g5g", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/python/cpython/issues/91826", "name": "https://github.com/python/cpython/issues/91826", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/matrix-org/sydent/pull/574", "name": "https://github.com/matrix-org/sydent/pull/574", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/matrix-org/sydent/commit/1cd748307c6b168b66154e6c4db715d4b9551261", "name": "https://github.com/matrix-org/sydent/commit/1cd748307c6b168b66154e6c4db715d4b9551261", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://docs.python.org/3/library/ssl.html?highlight=ssl#security-considerations", "name": "https://docs.python.org/3/library/ssl.html?highlight=ssl#security-considerations", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/matrix-org/sydent/releases/tag/v2.5.6", "name": "https://github.com/matrix-org/sydent/releases/tag/v2.5.6", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://peps.python.org/pep-0476/", "name": "https://peps.python.org/pep-0476/", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:46:56.843Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-38686", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-08T17:45:32.889405Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:matrix:sydent:*:*:*:*:*:*:*:*"], "vendor": "matrix", "product": "sydent", "versions": [{"status": "affected", "version": "0", "lessThan": "2.5.6", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-08T17:49:57.998Z"}}], "cna": {"title": "Sydent does not verify email server certificates", "source": {"advisory": "GHSA-p6hw-wm59-3g5g", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "matrix-org", "product": "sydent", "versions": [{"status": "affected", "version": "< 2.5.6"}]}], "references": [{"url": "https://github.com/matrix-org/sydent/security/advisories/GHSA-p6hw-wm59-3g5g", "name": "https://github.com/matrix-org/sydent/security/advisories/GHSA-p6hw-wm59-3g5g", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/python/cpython/issues/91826", "name": "https://github.com/python/cpython/issues/91826", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/matrix-org/sydent/pull/574", "name": "https://github.com/matrix-org/sydent/pull/574", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/matrix-org/sydent/commit/1cd748307c6b168b66154e6c4db715d4b9551261", "name": "https://github.com/matrix-org/sydent/commit/1cd748307c6b168b66154e6c4db715d4b9551261", "tags": ["x_refsource_MISC"]}, {"url": "https://docs.python.org/3/library/ssl.html?highlight=ssl#security-considerations", "name": "https://docs.python.org/3/library/ssl.html?highlight=ssl#security-considerations", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/matrix-org/sydent/releases/tag/v2.5.6", "name": "https://github.com/matrix-org/sydent/releases/tag/v2.5.6", "tags": ["x_refsource_MISC"]}, {"url": "https://peps.python.org/pep-0476/", "name": "https://peps.python.org/pep-0476/", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with privileged access to the network can intercept room invitations and address confirmation emails. This is patched in Sydent 2.5.6. When patching, make sure that Sydent trusts the certificate of the server it is connecting to. This should happen automatically when using properly issued certificates. Those who use self-signed certificates should make sure to copy their Certification Authority certificate, or their self signed certificate if using only one, to the trust store of your operating system. As a workaround, one can ensure Sydent's emails fail to send by setting the configured SMTP server to a loopback or non-routable address under one's control which does not have a listening SMTP server."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-295", "description": "CWE-295: Improper Certificate Validation"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-08-04T15:57:15.760Z"}}}, "cveMetadata": {"cveId": "CVE-2023-38686", "state": "PUBLISHED", "dateUpdated": "2024-10-08T17:50:55.903Z", "dateReserved": "2023-07-24T16:19:28.363Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-08-04T15:57:15.760Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:matrix:sydent:*:*:*:*:*:*:*:*", "matchCriteriaId": "591FD375-A95C-4A68-A63F-E7DC33B4533A", "versionEndExcluding": "2.5.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with privileged access to the network can intercept room invitations and address confirmation emails. This is patched in Sydent 2.5.6. When patching, make sure that Sydent trusts the certificate of the server it is connecting to. This should happen automatically when using properly issued certificates. Those who use self-signed certificates should make sure to copy their Certification Authority certificate, or their self signed certificate if using only one, to the trust store of your operating system. As a workaround, one can ensure Sydent's emails fail to send by setting the configured SMTP server to a loopback or non-routable address under one's control which does not have a listening SMTP server."}, {"lang": "es", "value": "Sydent es un servidor de identidad para el protocolo de comunicaciones Matrix. Antes de la versi\u00f3n 2.5.6, si se configuraba para enviar correos electr\u00f3nicos utilizando TLS, Sydent no verificaba los certificados de los servidores SMTP. Esto hace que los correos electr\u00f3nicos de Sydent sean vulnerables a la interceptaci\u00f3n a trav\u00e9s de un ataque man-in-the-middle (MITM). Los atacantes con acceso privilegiado a la red pueden interceptar invitaciones a salas y correos electr\u00f3nicos de confirmaci\u00f3n de direcciones. Esto se ha parcheado en Sydent 2.5.6. Al aplicar el parche, aseg\u00farese de que Sydent conf\u00eda en el certificado del servidor al que se conecta. Esto deber\u00eda ocurrir autom\u00e1ticamente si se utilizan certificados emitidos correctamente. Aquellos que utilicen certificados autofirmados deben asegurarse de copiar su certificado de Autoridad de Certificaci\u00f3n, o su certificado autofirmado si s\u00f3lo utilizan uno, al almac\u00e9n de confianza de su sistema operativo. Como soluci\u00f3n alternativa, puede asegurarse de que los correos electr\u00f3nicos de Sydent no se env\u00eden configurando el servidor SMTP a una direcci\u00f3n de bucle de retorno o no enrutable bajo su control que no tenga un servidor SMTP a la escucha."}], "id": "CVE-2023-38686", "lastModified": "2024-11-21T08:14:03.207", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.8, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-04T16:15:10.550", "references": [{"source": "security-advisories@github.com", "tags": ["Technical Description"], "url": "https://docs.python.org/3/library/ssl.html?highlight=ssl#security-considerations"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/matrix-org/sydent/commit/1cd748307c6b168b66154e6c4db715d4b9551261"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/matrix-org/sydent/pull/574"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/matrix-org/sydent/releases/tag/v2.5.6"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/matrix-org/sydent/security/advisories/GHSA-p6hw-wm59-3g5g"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking"], "url": "https://github.com/python/cpython/issues/91826"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://peps.python.org/pep-0476/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Technical Description"], "url": "https://docs.python.org/3/library/ssl.html?highlight=ssl#security-considerations"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/matrix-org/sydent/commit/1cd748307c6b168b66154e6c4db715d4b9551261"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/matrix-org/sydent/pull/574"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/matrix-org/sydent/releases/tag/v2.5.6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/matrix-org/sydent/security/advisories/GHSA-p6hw-wm59-3g5g"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://github.com/python/cpython/issues/91826"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://peps.python.org/pep-0476/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{}