CVE-2020-5281

Опубликовано: 25 мар. 2020

Источник: nvd

CVSS3: 6.2

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

In Perun before version 3.9.1, VO or group manager can modify configuration of the LDAP extSource to retrieve all from Perun LDAP. Issue is fixed in version 3.9.1 by sanitisation of the input.

Ссылки

https://github.com/CESNET/perun/commit/ac527bc3225a64208ee5cee59e5918ee360ca039
Patch
Third Party Advisory
https://github.com/CESNET/perun/pull/2635
Patch
Third Party Advisory
https://github.com/CESNET/perun/security/advisories/GHSA-gj88-9q3f-72m3
Third Party Advisory
https://github.com/CESNET/perun/commit/ac527bc3225a64208ee5cee59e5918ee360ca039
Patch
Third Party Advisory
https://github.com/CESNET/perun/pull/2635
Patch
Third Party Advisory
https://github.com/CESNET/perun/security/advisories/GHSA-gj88-9q3f-72m3
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cesnet:perun:*:*:*:*:*:*:*:*

Версия до 3.9.1 (исключая)

EPSS

Процентиль: 57%

0.00357

Низкий

6.2 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-90

CWE-732

EPSS

Процентиль: 57%

0.00357

Низкий

6.2 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-90

CWE-732