Description
app/views_mod/user/user.py in LibrIT PaSSHport through 2.5 is affected by LDAP injection. Because user input is not sanitized, specially crafted queries can escape the provided search filter, resulting in an information leak.
References (3)
Core References
Third Party Advisory (x_refsource_misc): https://jorgectf.gitlab.io/disclosure/cve-2021-3027/
Patch, Third Party Advisory (x_refsource_misc): https://github.com/LibrIT/passhport/pull/562
Patch, Third Party Advisory (x_refsource_misc): https://github.com/LibrIT/passhport/commit/366b03f607729c4538e91b634ecc57c8398522a1
Scores
CVSS v3: 6.5
EPSS: 0.0117
EPSS Percentile: 63.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-74
Status: published
Products (1)
librit/passhport < 2.5
Published: Mar 26, 2021
Tracked Since: Feb 18, 2026