Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
LDAP connector injection in Perun
Vulnerability Description
In Perun before version 3.9.1, VO or group manager can modify configuration of the LDAP extSource to retrieve all from Perun LDAP. Issue is fixed in version 3.9.1 by sanitisation of the input.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N
Vulnerability Type
LDAP查询中使用的特殊元素转义处理不恰当(LDAP注入)
Vulnerability Title
Perun 注入漏洞
Vulnerability Description
Perun是一套身份验证和访问管理系统。 Perun 3.9.1之前版本中存在注入漏洞。远程攻击者可通过使用VO或组管理器修改LDAP extSource配置利用该漏洞从Perun LDAP中检索所有内容。
CVSS Information
N/A
Vulnerability Type
N/A