Vulnerability Details CVE-2020-5281
In Perun before version 3.9.1, VO or group manager can modify configuration of the LDAP extSource to retrieve all from Perun LDAP. Issue is fixed in version 3.9.1 by sanitisation of the input.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.1%
CVSS Severity
CVSS v3 Score 6.2
CVSS v2 Score 5.0
References
- https://github.com/CESNET/perun/commit/ac527bc3225a64208ee5cee59e5918ee360ca039
- https://github.com/CESNET/perun/pull/2635
- https://github.com/CESNET/perun/security/advisories/GHSA-gj88-9q3f-72m3
- https://github.com/CESNET/perun/commit/ac527bc3225a64208ee5cee59e5918ee360ca039
- https://github.com/CESNET/perun/pull/2635
- https://github.com/CESNET/perun/security/advisories/GHSA-gj88-9q3f-72m3
Products affected by CVE-2020-5281
-
cpe:2.3:a:cesnet:perun:3.1.0
-
cpe:2.3:a:cesnet:perun:3.1.1
-
cpe:2.3:a:cesnet:perun:3.1.2
-
cpe:2.3:a:cesnet:perun:3.1.3
-
cpe:2.3:a:cesnet:perun:3.1.4
-
cpe:2.3:a:cesnet:perun:3.1.5
-
cpe:2.3:a:cesnet:perun:3.1.6
-
cpe:2.3:a:cesnet:perun:3.1.7
-
cpe:2.3:a:cesnet:perun:3.1.8
-
cpe:2.3:a:cesnet:perun:3.1.9
-
cpe:2.3:a:cesnet:perun:3.2.0
-
cpe:2.3:a:cesnet:perun:3.2.1
-
cpe:2.3:a:cesnet:perun:3.2.2
-
cpe:2.3:a:cesnet:perun:3.2.3
-
cpe:2.3:a:cesnet:perun:3.2.4
-
cpe:2.3:a:cesnet:perun:3.3.0
-
cpe:2.3:a:cesnet:perun:3.3.1
-
cpe:2.3:a:cesnet:perun:3.3.2
-
cpe:2.3:a:cesnet:perun:3.3.3
-
cpe:2.3:a:cesnet:perun:3.3.4
-
cpe:2.3:a:cesnet:perun:3.3.5
-
cpe:2.3:a:cesnet:perun:3.3.6
-
cpe:2.3:a:cesnet:perun:3.3.7
-
cpe:2.3:a:cesnet:perun:3.3.8
-
cpe:2.3:a:cesnet:perun:3.3.9
-
cpe:2.3:a:cesnet:perun:3.4.0
-
cpe:2.3:a:cesnet:perun:3.4.1
-
cpe:2.3:a:cesnet:perun:3.4.2
-
cpe:2.3:a:cesnet:perun:3.4.3
-
cpe:2.3:a:cesnet:perun:3.4.4
-
cpe:2.3:a:cesnet:perun:3.4.5
-
cpe:2.3:a:cesnet:perun:3.4.6
-
cpe:2.3:a:cesnet:perun:3.5.0
-
cpe:2.3:a:cesnet:perun:3.5.1
-
cpe:2.3:a:cesnet:perun:3.5.2
-
cpe:2.3:a:cesnet:perun:3.5.3
-
cpe:2.3:a:cesnet:perun:3.5.4
-
cpe:2.3:a:cesnet:perun:3.5.5
-
cpe:2.3:a:cesnet:perun:3.5.6
-
cpe:2.3:a:cesnet:perun:3.5.7
-
cpe:2.3:a:cesnet:perun:3.6.0
-
cpe:2.3:a:cesnet:perun:3.6.1
-
cpe:2.3:a:cesnet:perun:3.6.2
-
cpe:2.3:a:cesnet:perun:3.6.3
-
cpe:2.3:a:cesnet:perun:3.7.0
-
cpe:2.3:a:cesnet:perun:3.7.1
-
cpe:2.3:a:cesnet:perun:3.7.2
-
cpe:2.3:a:cesnet:perun:3.7.3
-
cpe:2.3:a:cesnet:perun:3.7.4
-
cpe:2.3:a:cesnet:perun:3.7.5
-
cpe:2.3:a:cesnet:perun:3.7.6
-
cpe:2.3:a:cesnet:perun:3.7.7
-
cpe:2.3:a:cesnet:perun:3.7.8
-
cpe:2.3:a:cesnet:perun:3.8.0
-
cpe:2.3:a:cesnet:perun:3.8.1
-
cpe:2.3:a:cesnet:perun:3.8.10
-
cpe:2.3:a:cesnet:perun:3.8.11
-
cpe:2.3:a:cesnet:perun:3.8.12
-
cpe:2.3:a:cesnet:perun:3.8.2
-
cpe:2.3:a:cesnet:perun:3.8.3
-
cpe:2.3:a:cesnet:perun:3.8.4
-
cpe:2.3:a:cesnet:perun:3.8.5
-
cpe:2.3:a:cesnet:perun:3.8.6
-
cpe:2.3:a:cesnet:perun:3.8.7
-
cpe:2.3:a:cesnet:perun:3.8.8
-
cpe:2.3:a:cesnet:perun:3.8.9
-
cpe:2.3:a:cesnet:perun:3.9.0