CVE-2020-27846

Published: Dec 21, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Vendor	Product	Versions
n/a	crewjam/saml	affected `grafana-7.3.6, grafana-7.2.3, grafana-6.7.5, github.com/crewjam/saml-0.4.3`

Weaknesses (CWE)

CWE-115

References

https://bugzilla.redhat.com/show_bug.cgi?id=1907670

x_refsource_MISC

https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/

x_refsource_MISC

https://github.com/crewjam/saml/security/advisories/GHSA-4hq8-gmxx-h6w9

x_refsource_MISC

https://grafana.com/blog/2020/12/17/grafana-6.7.5-7.2.3-and-7.3.6-released-with-important-security-fix-for-grafana-enterprise/

x_refsource_MISC

FEDORA-2020-968067abfa

vendor-advisory

x_refsource_FEDORA

FEDORA-2020-64e54abd9f

vendor-advisory

x_refsource_FEDORA

https://security.netapp.com/advisory/ntap-20210205-0002/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-27846

Description

Affected Products

Weaknesses (CWE)

References