Bug 1907670 (CVE-2020-27846)
| Summary: | CVE-2020-27846 crewjam/saml: authentication bypass in saml authentication | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Jason Shepherd <jshepherd> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | | |
| Version: | unspecified | CC: | agerstmayr, alegrand, amasferr, amctagga, anharris, anpicker, bmontgom, bniver, chazlett, eparis, erooth, flucifre, gmeno, grafana-maint, hvyas, jburrell, jkurik, jokerman, jwendell, kakkoyun, kconner, lcosic, mbenjamin, mgoodwin, mhackett, nathans, nstielau, pkrupa, puebele, rcernich, rtillery, security-response-team, sostapov, sponnaga, surbania, twalsh, vereddy |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| See Also: | https://issues.redhat.com/browse/OSSM-338, https://issues.redhat.com/browse/THREESCALE-6507 | | |
| Whiteboard: | | | |
| Fixed In Version: | grafana-7.3.6, grafana-7.2.3, grafana-6.7.5, github.com/crewjam/saml-0.4.3 | Doc Type: | If docs needed, set a value |
| Doc Text: | A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2021-02-24 19:02:09 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1908552, 1908592, 1908593, 1911476 | | |
| Bug Blocks: | 1907616 | | |
Description
Jason Shepherd
2020-12-15 01:02:09 UTC
Statement:

Grafana in the OpenShift Container Platform (OCP) and OpenShift Service Mesh uses oauth-proxy as an Auth Proxy, and therefore does not make use of the vulnerable SAML Authentication in the github.com/crewjam/saml module used by Grafana. Additionally, SAML is only available in the enterprise version of grafana, but as the code is still packaged, it has been marked Low impact.

Red Hat Gluster Storage 3 and Red Hat Ceph Storage 2, 3 and 4 ship old versions of grafana where the 'crewjam/saml' module is not included. Therefore these products are not affected by this vulnerability.

grafana as shipped with Red Hat Enterprise Linux 8 packages a vulnerable version of crewjam/saml but does not use it, as SAML is only available for the Enterprise version of grafana. For this reason, this flaw has been marked Low impact.

External References:
https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
https://github.com/crewjam/saml/security/advisories/GHSA-4hq8-gmxx-h6w9
https://grafana.com/blog/2020/12/17/grafana-6.7.5-7.2.3-and-7.3.6-released-with-important-security-fix-for-grafana-enterprise/

This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 4.7
Via RHSA-2020:5633 https://access.redhat.com/errata/RHSA-2020:5633

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2020-27846

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2021:1859 https://access.redhat.com/errata/RHSA-2021:1859
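Added example, not part of this bug report and not code from Red Hat, Grafana or the crewjam/saml project: a small Go triage tool that reads a go.mod and reports whether the pinned github.com/crewjam/saml predates the fixed release v0.4.3, and checks a Grafana version against the three backported fix releases (6.7.5, 7.2.3, 7.3.6) listed in the "Fixed In Version" field above. The go.mod text is constructed for the example, the function names are my own, and the version comparison treats a Go pseudo-version such as v0.4.3-0.2020... as older than the tagged v0.4.3. A "lacks fix" result for a Grafana build means only "not on a fixed release": as the statement notes, some old builds do not vendor crewjam/saml at all and SAML auth is Enterprise-only, so confirm by inspecting the vendored modules before treating it as exploitable.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// From the "Fixed In Version" field: github.com/crewjam/saml-0.4.3 carries
// the fix, and Grafana backported it to the 6.7, 7.2 and 7.3 release lines.
const samlModule = "github.com/crewjam/saml"

var samlFixed = semver{0, 4, 3, false}
var grafanaFixed = []semver{{6, 7, 5, false}, {7, 2, 3, false}, {7, 3, 6, false}}

// semver is the numeric part of a vMAJOR.MINOR.PATCH tag; pre marks a
// pre-release or Go pseudo-version, which sorts before the tag it names.
type semver struct {
	major, minor, patch int
	pre                 bool
}

// parseSemver accepts "v0.4.2", "0.4.2" and "v0.4.3-0.20201215000000-abcdef012345".
func parseSemver(s string) (semver, bool) {
	s = strings.TrimPrefix(strings.TrimSpace(s), "v")
	v := semver{}
	if i := strings.IndexAny(s, "-+"); i >= 0 {
		v.pre, s = true, s[:i]
	}
	parts := strings.Split(s, ".")
	if len(parts) != 3 {
		return semver{}, false
	}
	for i, dst := range []*int{&v.major, &v.minor, &v.patch} {
		n, err := strconv.Atoi(parts[i])
		if err != nil || n < 0 {
			return semver{}, false
		}
		*dst = n
	}
	return v, true
}

// less reports whether a sorts before b; a pre-release of X is older than X.
func (a semver) less(b semver) bool {
	if a.major != b.major {
		return a.major < b.major
	}
	if a.minor != b.minor {
		return a.minor < b.minor
	}
	if a.patch != b.patch {
		return a.patch < b.patch
	}
	return a.pre && !b.pre
}

// checkGoMod scans go.mod text for crewjam/saml. A single-line replace
// directive overrides the require line, since that is what the build uses.
// A version that does not parse (e.g. a directory replace target) is
// reported as vulnerable so that it gets a manual look.
func checkGoMod(gomod string) (found, vulnerable bool, version string) {
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for sc.Scan() {
		line := sc.Text()
		if i := strings.Index(line, "//"); i >= 0 {
			line = line[:i] // drop "// indirect" and other comments
		}
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		switch {
		case len(f) >= 2 && f[0] == samlModule && version == "":
			found, version = true, f[1]
		case len(f) >= 4 && f[0] == "replace" && f[1] == samlModule:
			// "replace <mod> [<ver>] => <target> [<ver>]": the last token is
			// the target version, or a path that will fail to parse.
			found, version = true, f[len(f)-1]
		}
	}
	if !found {
		return false, false, ""
	}
	v, ok := parseSemver(version)
	return true, !ok || v.less(samlFixed), version
}

// grafanaLacksFix compares against the backport on the same release line;
// on any other line only versions newer than the newest fixed release
// (7.3.6) are taken as fixed.
func grafanaLacksFix(ver string) (bool, error) {
	v, ok := parseSemver(ver)
	if !ok {
		return false, fmt.Errorf("cannot parse grafana version %q", ver)
	}
	for _, f := range grafanaFixed {
		if v.major == f.major && v.minor == f.minor {
			return v.less(f), nil
		}
	}
	return v.less(grafanaFixed[len(grafanaFixed)-1]), nil
}

// sampleGoMod is constructed for this example, not taken from any project.
const sampleGoMod = `module example.com/sp

go 1.15

require (
	github.com/beevik/etree v1.1.0 // indirect
	github.com/crewjam/saml v0.4.2
)
`

func main() {
	found, vuln, ver := checkGoMod(sampleGoMod)
	fmt.Printf("%s: found=%v version=%s vulnerable=%v\n", samlModule, found, ver, vuln)
	for _, g := range []string{"6.7.4", "6.7.5", "7.2.3", "7.3.5", "7.4.0"} {
		lacks, err := grafanaLacksFix(g)
		fmt.Printf("grafana %s: lacksFix=%v err=%v\n", g, lacks, err)
	}
}
```

Point checkGoMod at the go.mod of the service provider you are reviewing (or at the output of `go version -m` on a built binary, after trimming it to module/version pairs) and treat any flagged or unparseable version as needing a manual look rather than an automatic pass.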