CVE-2020-5281

2020-03-2518:15:14

Google

osv.dev

6.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.2%

JSON

In Perun before version 3.9.1, VO or group manager can modify configuration of the LDAP extSource to retrieve all from Perun LDAP. Issue is fixed in version 3.9.1 by sanitisation of the input.

CPENameOperatorVersion
peruneq3.9.0

CPE	Name	Operator	Version
	perun	eq	3.9.0

References

github.com/CESNET/perun/commit/ac527bc3225a64208ee5cee59e5918ee360ca039

github.com/CESNET/perun/pull/2635

github.com/CESNET/perun/security/advisories/GHSA-gj88-9q3f-72m3