CVE-2020-27846
Severity: CRITICAL
Grafana < 6.7.5 - SAML Authentication Bypass via Signature Verification Flaw
A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
References (7)
https://bugzilla.redhat.com/show_bug.cgi?id=1907670 (Issue Tracking, Patch, Third Party Advisory; x_refsource_misc)
https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/ (Exploit, Third Party Advisory; x_refsource_misc)
https://github.com/crewjam/saml/security/advisories/GHSA-4hq8-gmxx-h6w9 (Third Party Advisory; x_refsource_misc)
https://grafana.com/blog/2020/12/17/grafana-6.7.5-7.2.3-and-7.3.6-released-with-important-security-fix-for-grafana-enterprise/ (Vendor Advisory; x_refsource_misc)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YUTKIRWT6TWU7DS6GF3EOANVQBFQZYI/ (Mailing List, Third Party Advisory; vendor-advisory, x_refsource_fedora)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ICP3YRY2VUCNCF2VFUSK77ZMRIC77FEM/ (Mailing List, Third Party Advisory; vendor-advisory, x_refsource_fedora)
https://security.netapp.com/advisory/ntap-20210205-0002/ (Third Party Advisory; x_refsource_confirm)
Scores
CVSS v3: 9.8
EPSS: 0.0754
EPSS Percentile: 91.9%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-115 (Misinterpretation of Input)
Status: published
Products (9)
crewjam/saml: 0 - 0.4.3 (Go)
fedoraproject/fedora: 32
fedoraproject/fedora: 33
grafana/grafana: < 6.7.5
redhat/enterprise_linux: 8.0
redhat/openshift_container_platform: 3.11
redhat/openshift_container_platform: 4.0
redhat/openshift_service_mesh: 2.0
saml_project/saml: < 0.4.3
Published: Dec 21, 2020
Tracked Since: Feb 18, 2026