What is CVE-2020-5246?

CVE-2020-5246 is a high-severity vulnerability in Traccar, classified under LDAP Injection. CVSS score: 7.7/10. Published 2020-07-14.

How severe is CVE-2020-5246?

High severity. CVSS v3 base score is 7.7 out of 10.

LDAP Injection in Traccar

CVE-2020-5246

Traccar GPS Tracking System before version 4.9 has a LDAP injection vulnerability. It occurs when user input is being used in LDAP search filter. By providing specially crafted input, an attacker can modify the logic of the LDAP query and…

EPSS: 0.002 (42.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.7 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N.

Affected products

Traccar — versions < 4.9

Weakness classification (CWE)

CWE-90 — LDAP Injection

References

github.com/traccar/traccar/security/advisories/GHSA-v955-7g22-2p49 (x_refsource_CONFIRM)
github.com/traccar/traccar/commit/e4f6e74e57ab743b65d49ae00f6624a20ca0291e (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-5246?: CVE-2020-5246 is a high-severity vulnerability in Traccar, classified under LDAP Injection. CVSS score: 7.7/10. Published 2020-07-14.
How severe is CVE-2020-5246?: High severity. CVSS v3 base score is 7.7 out of 10.