app/views_mod/user/user.py in LibrIT PaSSHport through 2.5 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided search filter because user input gets no sanitization.
https://jorgectf.gitlab.io/disclosure/cve-2021-3027/
https://github.com/LibrIT/passhport/pull/562
https://github.com/LibrIT/passhport/commit/366b03f607729c4538e91b634ecc57c8398522a1
Source: Mitre, NVD
Published: 2021-03-26
Updated: 2026-06-17
Base Score: 4
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N
Severity: Medium
Base Score: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.00405