Bug 1907670 (CVE-2020-27846) - CVE-2020-27846 crewjam/saml: authentication bypass in saml authentication
Summary: CVE-2020-27846 crewjam/saml: authentication bypass in saml authentication
Alias: CVE-2020-27846
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1908552 1908592 1908593 1911476
Blocks: 1907616
Reported: 2020-12-15 01:02 UTC by Jason Shepherd
Modified: 2023-09-25 06:17 UTC (History)

See Also:
Fixed In Version: grafana-7.3.6, grafana-7.2.3, grafana-6.7.5, github.com/crewjam/saml-0.4.3
Doc Type: If docs needed, set a value
Doc Text:
A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Clone Of:
Last Closed: 2021-02-24 19:02:09 UTC


System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:5633 0 None None None 2021-02-24 15:10:39 UTC

Description Jason Shepherd 2020-12-15 01:02:09 UTC
A vulnerability exists in the github.com/crewjam/saml library used by Grafana to process SAML Authentication. A Grafana instance configured to use SAML Authentication is vulnerable to this issue. An attacker can use this flaw to bypass authentication in Grafana.

Comment 6 Jason Shepherd 2020-12-15 04:45:13 UTC
Upstream Commit:


Comment 23 Todd Cullum 2020-12-17 01:58:55 UTC

Grafana in the OpenShift Container Platform (OCP) and OpenShift ServiceMesh uses oauth-proxy as an Auth Proxy, and therefore does not make use of the vulnerable SAML Authentication in the github.com/crewjam/saml module used by Grafana. Additionally, SAML is only available in the enterprise version of grafana, but as the code is still packaged, it has been marked Low impact.

Red Hat Gluster Storage 3 and Red Hat Ceph Storage 2, 3 and 4 ship old versions of grafana where the ‘crewjam/saml’ module is not included. Therefore these products are not affected by this vulnerability.

grafana as shipped with Red Hat Enterprise Linux 8 packages a vulnerable version of crewjam/saml but does not use it, as SAML is only available for the Enterprise version of grafana. For this reason, this flaw has been marked Low impact.

Comment 29 errata-xmlrpc 2021-02-24 15:10:33 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.7

Via RHSA-2020:5633 https://access.redhat.com/errata/RHSA-2020:5633

Comment 30 Product Security DevOps Team 2021-02-24 19:02:09 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):


Comment 31 errata-xmlrpc 2021-05-18 15:39:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:1859 https://access.redhat.com/errata/RHSA-2021:1859
