Critical severityNVD Advisory· Published Dec 21, 2020· Updated Aug 4, 2024
CVE-2020-27846
CVE-2020-27846
Description
A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/crewjam/samlGo | < 0.4.3 | 0.4.3 |
Affected products
3- crewjam/samldescription
- osv-coords2 versions
< 6.7.5+ 1 more
- (no CPE)range: < 6.7.5
- (no CPE)range: < 0.4.3
Patches
Vulnerability mechanics
References
16- github.com/advisories/GHSA-4hq8-gmxx-h6w9ghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YUTKIRWT6TWU7DS6GF3EOANVQBFQZYI/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ICP3YRY2VUCNCF2VFUSK77ZMRIC77FEM/mitrevendor-advisoryx_refsource_FEDORA
- nvd.nist.gov/vuln/detail/CVE-2020-27846ghsaADVISORY
- bugzilla.redhat.com/show_bug.cgighsax_refsource_MISCWEB
- github.com/crewjam/saml/commit/da4f1a0612c0a8dd0452cf8b3c7a6518f6b4d053ghsaWEB
- github.com/crewjam/saml/security/advisories/GHSA-4hq8-gmxx-h6w9ghsax_refsource_MISCWEB
- grafana.com/blog/2020/12/17/grafana-6.7.5-7.2.3-and-7.3.6-released-with-important-security-fix-for-grafana-enterpriseghsaWEB
- grafana.com/blog/2020/12/17/grafana-6.7.5-7.2.3-and-7.3.6-released-with-important-security-fix-for-grafana-enterprise/mitrex_refsource_MISC
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YUTKIRWT6TWU7DS6GF3EOANVQBFQZYIghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICP3YRY2VUCNCF2VFUSK77ZMRIC77FEMghsaWEB
- mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilitiesghsaWEB
- mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/mitrex_refsource_MISC
- pkg.go.dev/vuln/GO-2021-0058ghsaWEB
- security.netapp.com/advisory/ntap-20210205-0002ghsaWEB
- security.netapp.com/advisory/ntap-20210205-0002/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.