Lucene search

CVE-2020-26276

🗓️ 17 Dec 2020 20:13:15Reported by GitHub_MType

CVE-2020-26276: Fleet before 3.5.1 allows SAML response mutation, leading to unverified login

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 9
Prion	Authentication flaw	17 Dec 202020:15	–	prion
Github Security Blog	SAML authentication vulnerability due to stdlib XML parsing	11 Feb 202223:59	–	github
Veracode	Authentication Bypass	14 Feb 202207:29	–	veracode
OSV	GHSA-W3WF-CFX3-6GCX SAML authentication vulnerability due to stdlib XML parsing	11 Feb 202223:59	–	osv
OSV	CVE-2020-26276	17 Dec 202020:15	–	osv
Cvelist	CVE-2020-26276 SAML authentication vulnerability in Fleet	17 Dec 202019:40	–	cvelist
NVD	CVE-2020-26276	17 Dec 202020:15	–	nvd
UbuntuCve	CVE-2020-26276	17 Dec 202000:00	–	ubuntucve
RedhatCVE	CVE-2020-26276	5 Feb 202513:38	–	redhatcve

Nvd

Vulners

Node

fleetdm fleetRange<3.5.1

[
  {
    "product": "fleet",
    "vendor": "fleetdm",
    "versions": [
      {
        "status": "affected",
        "version": "< 3.5.1"
      }
    ]
  }
]

Source	Link
github	www.github.com/fleetdm/fleet/commit/57812a532e5f749c8e18c6f6a652eca65c083607
mattermost	www.mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities
github	www.github.com/fleetdm/fleet/security/advisories/GHSA-w3wf-cfx3-6gcx
github	www.github.com/fleetdm/fleet/blob/master/CHANGELOG.md
github	www.github.com/mattermost/xml-roundtrip-validator

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

17 Dec 2020 20:15Current

9.3High risk

Vulners AI Score9.3

CVSS26.8

CVSS39.8 - 10

EPSS0.00978

CWE-290