CVE-2020-27846

A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
VendorProductVersion
grafanagrafana
𝑥
< 6.7.5
grafanagrafana
7.0.0 ≤
𝑥
< 7.2.3
grafanagrafana
7.3.0 ≤
𝑥
< 7.3.6
saml_projectsaml
𝑥
< 0.4.3
redhatopenshift_container_platform
3.11
redhatopenshift_container_platform
4.0
redhatopenshift_service_mesh
2.0
redhatenterprise_linux
8.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=1907670
https://github.com/crewjam/saml/security/advisories/GHSA-4hq8-gmxx-h6w9
https://grafana.com/blog/2020/12/17/grafana-6.7.5-7.2.3-and-7.3.6-released-with-important-security-fix-for-grafana-enterprise/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YUTKIRWT6TWU7DS6GF3EOANVQBFQZYI/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ICP3YRY2VUCNCF2VFUSK77ZMRIC77FEM/
https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
https://security.netapp.com/advisory/ntap-20210205-0002/
https://bugzilla.redhat.com/show_bug.cgi?id=1907670
https://github.com/crewjam/saml/security/advisories/GHSA-4hq8-gmxx-h6w9
https://grafana.com/blog/2020/12/17/grafana-6.7.5-7.2.3-and-7.3.6-released-with-important-security-fix-for-grafana-enterprise/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YUTKIRWT6TWU7DS6GF3EOANVQBFQZYI/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ICP3YRY2VUCNCF2VFUSK77ZMRIC77FEM/
https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
https://security.netapp.com/advisory/ntap-20210205-0002/