Description
A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
References
- Issue Tracking, Patch, Third Party Advisory
- Third Party Advisory
- Vendor Advisory
- Exploit, Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:* (versions before 6.7.5, exclusive)
cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:* (versions from 7.0.0, inclusive, up to 7.2.3, exclusive)
cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:* (versions from 7.3.0, inclusive, up to 7.3.6, exclusive)
Configuration 2 (versions before 0.4.3, exclusive)
cpe:2.3:a:saml_project:saml:*:*:*:*:*:*:*:*
Configuration 3
One of
cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_service_mesh:2.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Configuration 4
One of
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
EPSS
Percentile: 94%
0.15345
Medium
CVSS3: 9.8 Critical
CVSS2: 10 Critical
Weaknesses
CWE-115
Related vulnerabilities
CVSS3: 9.8
redhat
more than 4 years ago
A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVSS3: 9.8
github
almost 4 years ago
XML Processing error in github.com/crewjam/saml
oracle-oval
about 4 years ago
ELSA-2021-1859: grafana security, bug fix, and enhancement update (MODERATE)