CVE-2020-5281

high

Description

In Perun before version 3.9.1, VO or group manager can modify configuration of the LDAP extSource to retrieve all from Perun LDAP. Issue is fixed in version 3.9.1 by sanitisation of the input.

References

Advisories

https://github.com/CESNET/perun/security/advisories/GHSA-gj88-9q3f-72m3

https://github.com/CESNET/perun/pull/2635

https://github.com/CESNET/perun/commit/ac527bc3225a64208ee5cee59e5918ee360ca039

Details

Source: Mitre, NVD

Published: 2020-03-25

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00357

Detections

Analytics