Vulnerability Name: CVE-2020-27846 (CCN-193628)
Assigned: 2020-12-17
Published: 2020-12-17
Updated: 2021-03-31
Summary: A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVSS v3 Severity: 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
8.5 High (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Vulnerability Type: CWE-115
Vulnerability Consequences: Bypass Security
References:
Source: MITRE Type: CNA CVE-2020-27846
Source: CCN Type: Red Hat Bugzilla Bug 1907670 (CVE-2020-27846) - CVE-2020-27846 crewjam/saml: authentication bypass in saml authentication
Source: MISC Type: Issue Tracking, Patch, Third Party Advisory https://bugzilla.redhat.com/show_bug.cgi?id=1907670
Source: XF Type: UNKNOWN crewjamsaml-cve202027846-sec-bypass(193628)
Source: CCN Type: saml GIT Repository Merge pull request from GHSA-4hq8-gmxx-h6w9
Source: MISC Type: Third Party Advisory https://github.com/crewjam/saml/security/advisories/GHSA-4hq8-gmxx-h6w9
Source: MISC Type: Vendor Advisory https://grafana.com/blog/2020/12/17/grafana-6.7.5-7.2.3-and-7.3.6-released-with-important-security-fix-for-grafana-enterprise/
Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2020-968067abfa
Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2020-64e54abd9f
Source: MISC Type: Exploit, Third Party Advisory https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
Source: CONFIRM Type: Third Party Advisory https://security.netapp.com/advisory/ntap-20210205-0002/
Vulnerable Configuration: Configuration 1: Configuration 2: Configuration 3: Configuration 4: Configuration RedHat 1: Configuration RedHat 2: