Lucene search

GitHub_MCVELIST:CVE-2020-5292

HistoryMar 31, 2020 - 6:15 p.m.

CVE-2020-5292 Time-based blind injection in Leantime

2020-03-3118:15:15

CWE-89

GitHub_M

www.cve.org

8.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.7%

JSON

Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability. The impact is high. Malicious users/attackers can execute arbitrary SQL queries negatively affecting the confidentiality, integrity, and availability of the site. Attackers can exfiltrate data like the users’ and administrators’ password hashes, modify data, or drop tables. The unescaped parameter is “searchUsers” when sending a POST request to “/tickets/showKanban” with a valid session. In the code, the parameter is named “users” in class.tickets.php. This issue is fixed in versions 2.0.15 and 2.1.0 beta 3.

CNA Affected

[
  {
    "product": "Leantime",
    "vendor": "Leantime",
    "versions": [
      {
        "status": "affected",
        "version": "< 2.0.15"
      }
    ]
  }
]

References

github.com/Leantime/leantime/commit/af0807f0b2c4c3c914b93f1c5d940e6b875f231f

github.com/Leantime/leantime/pull/181

github.com/Leantime/leantime/security/advisories/GHSA-ww6x-rhvp-55hp

8.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.7%

JSON

Related for CVELIST:CVE-2020-5292