Is CVE-2021-29431 actively exploited?

CVE-2021-29431 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2021-29431?

CVE-2021-29431 has a CVSS score of 7.7 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N.

How do I patch CVE-2021-29431?

Patch guidance is available from matrix security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2021-29431.

Fix CVE-2021-29431 - HIGH matrix sydent

Description

Sydent is a reference Matrix identity server. Sydent can be induced to send HTTP GET requests to internal systems, due to lack of parameter validation or IP address blacklisting. It is not possible to exfiltrate data or control request headers, but it might be possible to use the attack to perform an internal port enumeration. This issue has been addressed in in 9e57334, 8936925, 3d531ed, 0f00412. A potential workaround would be to use a firewall to ensure that Sydent cannot reach internal HTTP resources.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Attack Vector: network
Complexity: low
Privileges: low
User Action: none
Scope: changed
Confidentiality: high
Integrity: none
Availability: none
Weaknesses: CWE-20 · Improper Input Validation CWE-918 · Server-Side Request Forgery

Metadata

Primary Vendor: MATRIX
Published: 4/15/2021
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

matrix : sydent

Remediation Guidance

Executive Summary

Cite this page

CVE-2021-29431. CVEDatabase.com. Retrieved 3 May 2026. https://cvedatabase.com/cve/CVE-2021-29431

View on NIST NVD

CVE-2021-29431 vulnerability