CVE-2020-5281 Vulnerability Details

  /     /     /  

CVE-2020-5281 Metadata Quick Info

CVE Published: 25/03/2020 | CVE Updated: 04/08/2024 | CVE Year: 2020
Source: GitHub_M | Vendor: CESNET | Product: perun
Status : PUBLISHED

---

CVE-2020-5281 Description

In Perun before version 3.9.1, VO or group manager can modify configuration of the LDAP extSource to retrieve all from Perun LDAP. Issue is fixed in version 3.9.1 by sanitisation of the input.

Metrics

CVSS Version: 3.1 | Base Score: 6.2 MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* HIGH
    User Interaction (UI)* REQUIRED
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* LOW
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-90
CWE Name: CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ( LDAP Injection )
Source: CESNET

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).