CVE-2020-5281
MEDIUMPerun < 3.9.1 - LDAP Injection via ExtSource Configuration
Title source: llmDescription
In Perun before version 3.9.1, VO or group manager can modify configuration of the LDAP extSource to retrieve all from Perun LDAP. Issue is fixed in version 3.9.1 by sanitisation of the input.
References (3)
Core 3
Core References
Third Party Advisory x_refsource_confirm
https://github.com/CESNET/perun/security/advisories/GHSA-gj88-9q3f-72m3
Patch, Third Party Advisory x_refsource_misc
https://github.com/CESNET/perun/pull/2635
Patch, Third Party Advisory x_refsource_misc
https://github.com/CESNET/perun/commit/ac527bc3225a64208ee5cee59e5918ee360ca039
Scores
CVSS v3
6.2
EPSS
0.0133
EPSS Percentile
67.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N
Details
CWE
CWE-90
CWE-732
Status
published
Products (1)
cesnet/perun
< 3.9.1
Published
Mar 25, 2020
Tracked Since
Feb 18, 2026