Vulnerability Description
Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability. The impact is high. Malicious users/attackers can execute arbitrary SQL queries, negatively affecting the confidentiality, integrity, and availability of the site. Attackers can exfiltrate data such as users' and administrators' password hashes, modify data, or drop tables. The unescaped parameter is "searchUsers", sent in a POST request to "/tickets/showKanban" with a valid session. In the code, the parameter is named "users" in class.tickets.php. This issue is fixed in versions 2.0.15 and 2.1.0 beta 3.
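The defect class described above, a request parameter reaching SQL text unescaped, next to the hardened form, as an added illustration. This is not Leantime's code: the table and column names (`zp_tickets`, `editorId`), the function names and the use of PDO are assumptions; the sample rows and inputs are constructed.

```php
<?php
// Added example, not Leantime's code. Illustrates the class of defect in
// CVE-2020-5292 (an unescaped "users" request value reaching SQL) beside a
// hardened version. Table/column names and the PDO setup are assumptions.

declare(strict_types=1);

// Vulnerable pattern: the raw request value is interpolated into the query text,
// so whatever the client sends becomes SQL.
function buildKanbanQueryUnsafe(string $users): string
{
    return "SELECT id, headline FROM zp_tickets WHERE editorId IN ($users)";
}

// Hardened pattern: validate the input shape, then bind every value as a parameter.
function fetchKanbanTickets(PDO $pdo, string $users): array
{
    // Accept only a comma-separated list of integer ids; reject anything else.
    $ids = array_values(array_filter(array_map('trim', explode(',', $users)), 'strlen'));
    foreach ($ids as $id) {
        if (!ctype_digit($id)) {
            throw new InvalidArgumentException('users must be a comma-separated list of integer ids');
        }
    }
    if ($ids === []) {
        return [];
    }

    // One placeholder per value: the IN list is built from the validated count,
    // never from the input text itself.
    $placeholders = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $pdo->prepare("SELECT id, headline FROM zp_tickets WHERE editorId IN ($placeholders)");
    foreach ($ids as $i => $id) {
        $stmt->bindValue($i + 1, (int) $id, PDO::PARAM_INT); // PDO placeholders are 1-indexed
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Demonstration against an in-memory SQLite database with constructed rows.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE zp_tickets (id INTEGER PRIMARY KEY, headline TEXT, editorId INTEGER)');
$pdo->exec("INSERT INTO zp_tickets VALUES (1, 'Fix login', 3), (2, 'Write docs', 7), (3, 'Refactor', 9)");

// Well-formed input: two ids, two rows.
echo count(fetchKanbanTickets($pdo, '3, 7')), " rows\n";

// Malformed input: the unsafe builder would hand it to the database as SQL,
// the hardened function rejects it before any query text is built.
$bad = '3,7 OR 1=1';
echo buildKanbanQueryUnsafe($bad), "\n";
try {
    fetchKanbanTickets($pdo, $bad);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The validation step matters as much as the placeholders: a whitelist on the input shape (integers only) gives a clean rejection path and a log line to alert on, while the prepared statement guarantees that even an accepted value is treated as data, not SQL.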
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Leantime | Leantime | < 2.0.15 |
Related Weaknesses (CWE)
References
- https://github.com/Leantime/leantime/commit/af0807f0b2c4c3c914b93f1c5d940e6b875f (Patch, Third Party Advisory)
- https://github.com/Leantime/leantime/pull/181 (Patch, Third Party Advisory)
- https://github.com/Leantime/leantime/security/advisories/GHSA-ww6x-rhvp-55hp (Third Party Advisory)
FAQ
What is CVE-2020-5292?
CVE-2020-5292 is a vulnerability with a CVSS score of 8.7 (HIGH). Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability. The impact is high. Malicious users/attackers can execute arbitrary SQL queries negatively affecting the confidentialit...
How severe is CVE-2020-5292?
CVE-2020-5292 has been rated HIGH with a CVSS base score of 8.7/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-5292?
Check the references section above for vendor advisories and patch information. Affected products include: Leantime Leantime.