Auto-merge PR#3469

2025-08-04 08:44:25 +00:00 · 2020-03-25 14:00:27 -04:00 · 2020-03-25 14:00:27 -04:00 · 24a0db09c4
commit 24a0db09c4
parent be1e0f0836 90dd513c4d
1 changed files with 82 additions and 7 deletions
--- a/2020/5xxx/CVE-2020-5281.json
+++ b/2020/5xxx/CVE-2020-5281.json
@ -1,18 +1,93 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2020-5281",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "LDAP connector injection in Perun"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "perun",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "< 3.9.1"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "CESNET"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "In Perun before version 3.9.1, VO or group manager can modify configuration of the LDAP extSource to retrieve all from Perun LDAP.\n\nIssue is fixed in version 3.9.1 by sanitisation of the input."
            }
        ]
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "HIGH",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "NONE",
+            "baseScore": 6.2,
+            "baseSeverity": "MEDIUM",
+            "confidentialityImpact": "HIGH",
+            "integrityImpact": "LOW",
+            "privilegesRequired": "HIGH",
+            "scope": "CHANGED",
+            "userInteraction": "REQUIRED",
+            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://github.com/CESNET/perun/security/advisories/GHSA-gj88-9q3f-72m3",
+                "refsource": "CONFIRM",
+                "url": "https://github.com/CESNET/perun/security/advisories/GHSA-gj88-9q3f-72m3"
+            },
+            {
+                "name": "https://github.com/CESNET/perun/pull/2635",
+                "refsource": "MISC",
+                "url": "https://github.com/CESNET/perun/pull/2635"
+            },
+            {
+                "name": "https://github.com/CESNET/perun/commit/ac527bc3225a64208ee5cee59e5918ee360ca039",
+                "refsource": "MISC",
+                "url": "https://github.com/CESNET/perun/commit/ac527bc3225a64208ee5cee59e5918ee360ca039"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "GHSA-gj88-9q3f-72m3",
+        "discovery": "UNKNOWN"
    }
-}
+}