CVE-2020-5292

Published: Mar 31, 2020

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.1

8.7

HIGH

Description

Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability. The impact is high. Malicious users/attackers can execute arbitrary SQL queries negatively affecting the confidentiality, integrity, and availability of the site. Attackers can exfiltrate data like the users' and administrators' password hashes, modify data, or drop tables. The unescaped parameter is "searchUsers" when sending a POST request to "/tickets/showKanban" with a valid session. In the code, the parameter is named "users" in class.tickets.php. This issue is fixed in versions 2.0.15 and 2.1.0 beta 3.

Vendor	Product	Versions
Leantime	Leantime	affected `< 2.0.15`

Weaknesses (CWE)

CWE-89

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

References

https://github.com/Leantime/leantime/security/advisories/GHSA-ww6x-rhvp-55hp

x_refsource_CONFIRM

https://github.com/Leantime/leantime/pull/181

x_refsource_MISC

https://github.com/Leantime/leantime/commit/af0807f0b2c4c3c914b93f1c5d940e6b875f231f

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-5292

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References