CVE-2020-27846
published 2020-12-21CVE-2020-27846: A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| crewjam | saml | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| github.com | crewjam_saml | >= 0 < 0.4.3 | 0.4.3 |
| grafana | grafana | < 6.7.5 | 6.7.5 |
| grafana | grafana | >= 7.0.0 < 7.2.3 | 7.2.3 |
| grafana | grafana | >= 7.3.0 < 7.3.6 | 7.3.6 |
| redhat | enterprise_linux | — | — |
| redhat | openshift_container_platform | — | — |
| redhat | openshift_container_platform | — | — |
| redhat | openshift_service_mesh | — | — |
| saml_project | saml | < 0.4.3 | 0.4.3 |