Vulnerability Description
app/views_mod/user/user.py in LibrIT PaSSHport through 2.5 is affected by LDAP Injection. Because user input is not sanitized, specially crafted queries can escape the provided search filter and leak information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Librit | Passhport | <= 2.5 |
Related Weaknesses (CWE)
References
- https://github.com/LibrIT/passhport/commit/366b03f607729c4538e91b634ecc57c839852 (Patch, Third Party Advisory)
- https://github.com/LibrIT/passhport/pull/562 (Patch, Third Party Advisory)
- https://jorgectf.gitlab.io/disclosure/cve-2021-3027/ (Third Party Advisory)
FAQ
What is CVE-2021-3027?
CVE-2021-3027 is a vulnerability with a CVSS score of 6.5 (MEDIUM). app/views_mod/user/user.py in LibrIT PaSSHport through 2.5 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided search filter beca...
How severe is CVE-2021-3027?
CVE-2021-3027 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-3027?
Check the references section above for vendor advisories and patch information. Affected products include: Librit Passhport.