2 matches found
MiracleLinux 8 : grafana-7.3.6-2.el8 (AXSA:2021-2087:03)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-2087:03 advisory. crewjam/saml: authentication bypass in saml authentication (CVE-2020-27846); grafana: XSS via a query alias for the Elasticsearch and Testdata datasour...
crewjam/saml vulnerable to signature bypass via multiple Assertion elements due to improper authentication
Impact: The crewjam/saml Go library is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. Patches: This issue has been corrected in version 0.4.9. Credit: This issue was reported by Felix Wilhelm from Google Project Zero...