3 matches found
CVE-2020-27846
CVE-2020-27846 is a signature verification vulnerability in crewjam/saml that can allow bypass of SAML authentication. The issue affects Grafana deployments including affected Grafana versions referenced in multiple advisories (e.g., Red Hat RHSA-2021:1859) and is scored with a high/critical impa...
CVE-2022-41912
Affected software: crewjam/saml Go library
CVE-2023-45683
CVE-2023-45683 affects the Go SAML library github.com/crewjam/saml. Affected versions fail to validate the ACS Location URI according to the parsed SAML binding, enabling an attacker to register a malicious Service Provider at the IdP and inject JavaScript in the ACS endpoint. This can cause Cros...