Vulnerability Description
In Perun before version 3.9.1, VO or group manager can modify configuration of the LDAP extSource to retrieve all from Perun LDAP. Issue is fixed in version 3.9.1 by sanitisation of the input.
CVSS Score
6.2
MEDIUM
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cesnet | Perun | < 3.9.1 |
Related Weaknesses (CWE)
References
- https://github.com/CESNET/perun/commit/ac527bc3225a64208ee5cee59e5918ee360ca039PatchThird Party Advisory
- https://github.com/CESNET/perun/pull/2635PatchThird Party Advisory
- https://github.com/CESNET/perun/security/advisories/GHSA-gj88-9q3f-72m3Third Party Advisory
- https://github.com/CESNET/perun/commit/ac527bc3225a64208ee5cee59e5918ee360ca039PatchThird Party Advisory
- https://github.com/CESNET/perun/pull/2635PatchThird Party Advisory
- https://github.com/CESNET/perun/security/advisories/GHSA-gj88-9q3f-72m3Third Party Advisory
FAQ
What is CVE-2020-5281?
CVE-2020-5281 is a vulnerability with a CVSS score of 6.2 (MEDIUM). In Perun before version 3.9.1, VO or group manager can modify configuration of the LDAP extSource to retrieve all from Perun LDAP. Issue is fixed in version 3.9.1 by sanitisation of the input.
How severe is CVE-2020-5281?
CVE-2020-5281 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-5281?
Check the references section above for vendor advisories and patch information. Affected products include: Cesnet Perun.