CVE-2020-5281

MEDIUM

Cesnet Perun < 3.9.1 - Incorrect Permission Assignment

Title source: rule

Description

In Perun before version 3.9.1, VO or group manager can modify configuration of the LDAP extSource to retrieve all from Perun LDAP. Issue is fixed in version 3.9.1 by sanitisation of the input.

References (3)

[Third Party Advisory] https://github.com/CESNET/perun/security/advisories/GHSA-gj88-9q3f-72m3

[Patch, Third Party Advisory] https://github.com/CESNET/perun/pull/2635

[Patch, Third Party Advisory] https://github.com/CESNET/perun/commit/ac527bc3225a64208ee5cee59e5918ee360ca039

View Patch ZIP pw:eip

Scores

CVSS v3 6.2

EPSS 0.0036

EPSS Percentile 57.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N

Details

CWE

CWE-90 CWE-732

Status published

Products (1)

cesnet/perun < 3.9.1

Published Mar 25, 2020

Tracked Since Feb 18, 2026