CVE-2020-15259

Name: CVE-2020-15259
Creator: NVD / NIST
Published: 2020-11-06T20:15:11.85+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.8/10EPSS 0.93%

Last modified Jun 17, 2026

CVE-2020-15259 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. ad-ldap-connector's admin panel before version 5.0.13 does not provide csrf protection, which when exploited may result in remote code execution or confidential data loss. CSRF exploits may occur if the user visits a malicious page containing CSRF payload on the same machine that has access to the ad-ldap-connector admin console via a browser. EPSS estimates a 0.93% chance of exploitation in the next 30 days.

Description

ad-ldap-connector's admin panel before version 5.0.13 does not provide csrf protection, which when exploited may result in remote code execution or confidential data loss. CSRF exploits may occur if the user visits a malicious page containing CSRF payload on the same machine that has access to the ad-ldap-connector admin console via a browser. You may be affected if you use the admin console included with ad-ldap-connector versions <=5.0.12. If you do not have ad-ldap-connector admin console enabled or do not visit any other public URL while on the machine it is installed on, you are not affected. The issue is fixed in version 5.0.13.

Metrics

CVSS 3.1

8.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Probability

0.93%

56.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-352

Affected Software

Vendor	Product	Versions
Auth0	Ad\/Ldap Connector	< 5.0.13

References

https://github.com/auth0/ad-ldap-connector/commit/8b793631ec5ecacf63ff3ece23231a9e138ae911Patch, Third Party Advisory
https://github.com/auth0/ad-ldap-connector/security/advisories/GHSA-vx5q-cp9v-427vThird Party Advisory
https://github.com/auth0/ad-ldap-connector/commit/8b793631ec5ecacf63ff3ece23231a9e138ae911Patch, Third Party Advisory
https://github.com/auth0/ad-ldap-connector/security/advisories/GHSA-vx5q-cp9v-427vThird Party Advisory

Timeline

Published: Nov 6, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-15259?

How severe is CVE-2020-15259?

CVE-2020-15259 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 0.93% probability of exploitation in the next 30 days.

How do I fix CVE-2020-15259?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-15259?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST