Vulnerability Details CVE-2020-5246
Traccar GPS Tracking System before version 4.9 has a LDAP injection vulnerability. It occurs when user input is being used in LDAP search filter. By providing specially crafted input, an attacker can modify the logic of the LDAP query and get admin privileges. The issue only impacts instances with LDAP configuration and where users can craft their own names. This has been patched in version 4.9.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.1%
CVSS Severity
CVSS v3 Score 7.7
CVSS v2 Score 4.0
References
- https://github.com/traccar/traccar/commit/e4f6e74e57ab743b65d49ae00f6624a20ca0291e
- https://github.com/traccar/traccar/security/advisories/GHSA-v955-7g22-2p49
- https://github.com/traccar/traccar/commit/e4f6e74e57ab743b65d49ae00f6624a20ca0291e
- https://github.com/traccar/traccar/security/advisories/GHSA-v955-7g22-2p49
Products affected by CVE-2020-5246
-
cpe:2.3:a:traccar:traccar:2.0
-
cpe:2.3:a:traccar:traccar:2.1
-
cpe:2.3:a:traccar:traccar:2.10
-
cpe:2.3:a:traccar:traccar:2.11
-
cpe:2.3:a:traccar:traccar:2.12
-
cpe:2.3:a:traccar:traccar:2.2
-
cpe:2.3:a:traccar:traccar:2.3
-
cpe:2.3:a:traccar:traccar:2.4
-
cpe:2.3:a:traccar:traccar:2.5
-
cpe:2.3:a:traccar:traccar:2.6
-
cpe:2.3:a:traccar:traccar:2.7
-
cpe:2.3:a:traccar:traccar:2.8
-
cpe:2.3:a:traccar:traccar:2.9
-
cpe:2.3:a:traccar:traccar:3.0
-
cpe:2.3:a:traccar:traccar:3.1
-
cpe:2.3:a:traccar:traccar:3.10
-
cpe:2.3:a:traccar:traccar:3.11
-
cpe:2.3:a:traccar:traccar:3.12
-
cpe:2.3:a:traccar:traccar:3.13
-
cpe:2.3:a:traccar:traccar:3.14
-
cpe:2.3:a:traccar:traccar:3.15
-
cpe:2.3:a:traccar:traccar:3.16
-
cpe:2.3:a:traccar:traccar:3.17
-
cpe:2.3:a:traccar:traccar:3.2
-
cpe:2.3:a:traccar:traccar:3.3
-
cpe:2.3:a:traccar:traccar:3.4
-
cpe:2.3:a:traccar:traccar:3.5
-
cpe:2.3:a:traccar:traccar:3.6
-
cpe:2.3:a:traccar:traccar:3.7
-
cpe:2.3:a:traccar:traccar:3.8
-
cpe:2.3:a:traccar:traccar:3.9
-
cpe:2.3:a:traccar:traccar:4.0
-
cpe:2.3:a:traccar:traccar:4.1
-
cpe:2.3:a:traccar:traccar:4.2
-
cpe:2.3:a:traccar:traccar:4.3
-
cpe:2.3:a:traccar:traccar:4.4
-
cpe:2.3:a:traccar:traccar:4.5
-
cpe:2.3:a:traccar:traccar:4.6
-
cpe:2.3:a:traccar:traccar:4.7
-
cpe:2.3:a:traccar:traccar:4.8