10

CVE-2020-27846

Exploit
A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GrafanaGrafana SwEditionenterprise Version < 6.7.5
GrafanaGrafana SwEditionenterprise Version >= 7.0.0 < 7.2.3
GrafanaGrafana SwEditionenterprise Version >= 7.3.0 < 7.3.6
Saml ProjectSaml Version < 0.4.3
RedhatEnterprise Linux Version8.0
FedoraprojectFedora Version32
FedoraprojectFedora Version33
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.87% 0.909
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-115 Misinterpretation of Input

The product misinterprets an input, whether from an attacker or another product, in a security-relevant fashion.

https://bugzilla.redhat.com/show_bug.cgi?id=1907670
Patch
Third Party Advisory
Issue Tracking
https://github.com/crewjam/saml/security/advisories/GHSA-4hq8-gmxx-h6w9
Third Party Advisory
https://grafana.com/blog/2020/12/17/grafana-6.7.5-7.2.3-and-7.3.6-released-with-important-security-fix-for-grafana-enterprise/
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YUTKIRWT6TWU7DS6GF3EOANVQBFQZYI/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ICP3YRY2VUCNCF2VFUSK77ZMRIC77FEM/
https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
Third Party Advisory
Exploit
https://security.netapp.com/advisory/ntap-20210205-0002/
Third Party Advisory