PT-2020-14320 · Unknown · Ad-Ldap-Connector

Gkwang · Published 2020-11-06 · Updated 2020-11-18 · CVE-2020-15259

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: ad-ldap-connector versions prior to 5.0.13
Description: The admin console lacks CSRF protection. If a user who is logged in to the admin console visits a malicious page from a browser on the machine that can reach the console, that page can submit state-changing requests to the console with the user's session. The advisory rates the impact as remote code execution or loss of confidential data.
Recommendations: For versions prior to 5.0.13, update to version 5.0.13, which resolves the issue. As a temporary workaround, disable the admin console until the update is applied. Additionally, avoid browsing untrusted sites from the machine where the admin console is installed, since a browser on that machine is what carries the forged request.

Fix · CSRF


Weakness Enumeration

Related Identifiers

CVE-2020-15259
GHSA-VX5Q-CP9V-427V

Affected Products

Ad-Ldap-Connector