CVE-2020-9495 : Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. A att

Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. A attacker is able to retrieve user attribute data from the connected LDAP server by providing special values to the login form. With certain characters it is possible to modify the LDAP filter used to query the LDAP users. By measuring the response time for the login request, arbitrary attribute data can be retrieved from LDAP user objects.

Published 2020-06-19 19:15:13

Updated 2020-06-24 19:20:01

Source Apache Software Foundation

View at NVD, CVE.org

Products affected by CVE-2020-9495

Apache » Archiva
Versions before (<) 2.2.5
cpe:2.3:a:apache:archiva:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-9495

EPSS FAQ

27.49%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 96 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-9495

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	3.9	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE ids for CVE-2020-9495

CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-9495

https://lists.apache.org/thread.html/r7ae580f700ade57b00641a70a5c639a3ba576893bbf7f9fd93bc491d@%3Cusers.maven.apache.org%3E

Pony Mail!
Mailing List;Vendor Advisory
http://archiva.apache.org/security.html#CVE-2020-9495

Archiva – Security Vulnerabilities
Vendor Advisory
http://www.openwall.com/lists/oss-security/2020/06/19/1

oss-security - [SECURITY] CVE-2020-9495: Apache Archiva login service is vulnerable to LDAP injection
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r576eaabe3f772c045ec832a0200252494a2ce3f188f59450dd8f9b6d@%3Cannounce.apache.org%3E

[SECURITY] CVE-2020-9495: Apache Archiva login service is vulnerable to LDAP injection - Pony Mail
Mailing List;Vendor Advisory
https://lists.apache.org/thread.html/r576eaabe3f772c045ec832a0200252494a2ce3f188f59450dd8f9b6d@%3Cusers.archiva.apache.org%3E

[SECURITY] CVE-2020-9495: Apache Archiva login service is vulnerable to LDAP injection - Pony Mail
Mailing List;Vendor Advisory
https://lists.apache.org/thread.html/r576eaabe3f772c045ec832a0200252494a2ce3f188f59450dd8f9b6d@%3Cdev.archiva.apache.org%3E

[SECURITY] CVE-2020-9495: Apache Archiva login service is vulnerable to LDAP injection - Pony Mail
Mailing List;Vendor Advisory

Jump to

Vulnerability Details : CVE-2020-9495

Products affected by CVE-2020-9495

Exploit prediction scoring system (EPSS) score for CVE-2020-9495

CVSS scores for CVE-2020-9495

CWE ids for CVE-2020-9495

References for CVE-2020-9495