CVE-2020-5281

Description

In Perun before version 3.9.1, VO or group manager can modify configuration of the LDAP extSource to retrieve all from Perun LDAP. Issue is fixed in version 3.9.1 by sanitisation of the input.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

Low

Availability

None

Affected products

CESNET / perun< 3.9.1 – < 3.9.1

References

VENDOR_ADVISORYhttps://github.com/CESNET/perun/security/advisories/GHSA-gj88-9q3f-72m3
PATCHhttps://github.com/CESNET/perun/pull/2635
PATCHhttps://github.com/CESNET/perun/commit/ac527bc3225a64208ee5cee59e5918ee360ca039