CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5281 – LDAP connector injection in Perun
https://notcve.org/view.php?id=CVE-2020-5281
In Perun before version 3.9.1, VO or group manager can modify configuration of the LDAP extSource to retrieve all from Perun LDAP. Issue is fixed in version 3.9.1 by sanitisation of the input. En Perun versiones anteriores a 3.9.1, VO o el administrador de grupo pueden modificar la configuración de LDAP extSource para recuperar todo desde Perun LDAP. El problema es corregido en la versión 3.9.1, mediante el saneamiento de la entrada. • https://github.com/CESNET/perun/commit/ac527bc3225a64208ee5cee59e5918ee360ca039 https://github.com/CESNET/perun/pull/2635 https://github.com/CESNET/perun/security/advisories/GHSA-gj88-9q3f-72m3 • CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') CWE-732: Incorrect Permission Assignment for Critical Resource •