A vulnerability exists in the github.com/crewjam/saml library used by Grafana to process SAML authentication. A Grafana instance configured to use SAML authentication is vulnerable to this issue. An attacker can use this flaw to bypass authentication in Grafana.
Upstream Commit: https://github.com/crewjam/saml/commit/da4f1a0612c0a8dd0452cf8b3c7a6518f6b4d053
Statement: Grafana in OpenShift Container Platform (OCP) and OpenShift ServiceMesh uses oauth-proxy as an auth proxy and therefore does not make use of the vulnerable SAML authentication code in the github.com/crewjam/saml module used by Grafana. Additionally, SAML authentication is only available in Grafana Enterprise, but since the vulnerable code is still packaged, the issue has been rated Low impact for these products. Red Hat Gluster Storage 3 and Red Hat Ceph Storage 2, 3 and 4 ship older versions of grafana that do not include the crewjam/saml module, so these products are not affected by this vulnerability. The grafana package shipped with Red Hat Enterprise Linux 8 bundles a vulnerable version of crewjam/saml but does not use it, as SAML authentication is only available in Grafana Enterprise; for this reason the flaw has also been rated Low impact for Red Hat Enterprise Linux 8.
External References: https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/ https://github.com/crewjam/saml/security/advisories/GHSA-4hq8-gmxx-h6w9 https://grafana.com/blog/2020/12/17/grafana-6.7.5-7.2.3-and-7.3.6-released-with-important-security-fix-for-grafana-enterprise/
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.7 Via RHSA-2020:5633 https://access.redhat.com/errata/RHSA-2020:5633
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-27846
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1859 https://access.redhat.com/errata/RHSA-2021:1859