# CVE 2020-15259: Security Update for ad-ldap-connector

**Published**: 05 November 2020

**CVE number**: CVE-2020-15259

## Overview

The ad-ldap-connector admin console does not provide CSRF protection; exploiting this may result in remote code execution or confidential data loss. A CSRF attack can occur if the user visits a malicious page containing a CSRF payload in a browser on the same machine that has access to the ad-ldap-connector admin console.
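
The following is an added illustration, not code from ad-ldap-connector or from its fix. It shows the kind of server-side check whose absence the overview describes: a state-changing admin request is accepted only if it comes from the console's own origin and carries a token bound to the session. The function names, the `x-csrf-token` header and the `http://localhost:3000` origin are assumptions made for the example.

```javascript
// Added example: synchronizer-style CSRF check for a local admin console.
// All names here are hypothetical; this is not ad-ldap-connector's code.
const crypto = require("node:crypto");

const CONSOLE_ORIGIN = "http://localhost:3000"; // constructed value
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Derive the token from the session id so it cannot be reused across sessions.
function issueCsrfToken(sessionId, secret) {
  return crypto.createHmac("sha256", secret).update(sessionId).digest("hex");
}

// Returns { ok, reason } for a request described by method, headers, sessionId.
function checkCsrf(req, secret) {
  // Safe methods must never change state, so they need no token.
  if (SAFE_METHODS.has(req.method)) return { ok: true, reason: "safe method" };

  // A cross-site form post or fetch carries the other page's Origin.
  const origin = req.headers["origin"];
  if (origin !== undefined && origin !== CONSOLE_ORIGIN) {
    return { ok: false, reason: "foreign origin" };
  }

  // The browser attaches cookies automatically, but not this header value.
  const sent = req.headers["x-csrf-token"];
  if (typeof sent !== "string") return { ok: false, reason: "missing token" };

  const expected = Buffer.from(issueCsrfToken(req.sessionId, secret));
  const got = Buffer.from(sent);
  if (got.length !== expected.length || !crypto.timingSafeEqual(got, expected)) {
    return { ok: false, reason: "bad token" };
  }
  return { ok: true, reason: "token verified" };
}

// Constructed sample requests: one from the console UI, one forged cross-site.
const SECRET = crypto.randomBytes(32);
const legit = { method: "POST", sessionId: "s1",
  headers: { origin: CONSOLE_ORIGIN, "x-csrf-token": issueCsrfToken("s1", SECRET) } };
const forged = { method: "POST", sessionId: "s1",
  headers: { origin: "https://attacker.example" } };

console.log(checkCsrf(legit, SECRET), checkCsrf(forged, SECRET));
```
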

## Am I affected?

You may be affected if you use the admin console included with ad-ldap-connector versions \<=5.0.12.

If you do not have ad-ldap-connector admin console enabled or do not visit any other public URL while on the machine it is installed on, you are **not** affected.

## How do I fix it?

Upgrade to the latest version of [ad-ldap-connector](https://github.com/auth0/ad-ldap-connector) and restart your admin console.

## Will this update impact my users?

The fix provided in this version will not affect your users.
