CVE-2020-27846

Description

A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Risk Information

Base Score

9.8

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

7.544

Associated Vulnerability

Vulnerability	OS Platform
Vulnerabilities CVE-2020-27846 are affected in GrafanaEnterprise 6.7.4	Windows
Vulnerabilities CVE-2020-27846 are affected in GrafanaEnterprise 7.2.2	Windows
Vulnerabilities CVE-2020-27846 are affected in GrafanaEnterprise 7.3.5	Windows
(RHSA-2021:1859) grafana security, bug fix, and enhancement update grafana-7.3.6-2.el8.x86_64.rpm	Linux

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-335779	GrafanaEnterprise (10.3.1)
PATCH-335779	GrafanaEnterprise (10.3.1)
PATCH-335779	GrafanaEnterprise (10.3.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234