CVE-2020-5281 Information

Description

In Perun before version 3.9.1 VO or group manager can modify configuration of the LDAP extSource to retrieve all from Perun LDAP. Issue is fixed in version 3.9.1 by sanitisation of the input.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://github.com/CESNET/perun/commit/ac527bc3225a64208ee5cee59e5918ee360ca039 https://github.com/CESNET/perun/pull/2635 https://github.com/CESNET/perun/security/advisories/GHSA-gj88-9q3f-72m3

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.5