Lucene search
Veracode Vulnerability DatabaseVERACODE:34194HistoryFeb 14, 2022 - 7:29 a.m.
Authentication Bypass
2022-02-1407:29:33
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
0.004 Low
EPSS
Percentile
72.3%
github.com/fleetdm/fleet, is vulnerable to authentication bypass. The vulnerability exists due to stdlib XML parsing in the validate.go file and valid SAML response allowing an attacker to modify the trusted document and cause unauthorized login through SAML IdP.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/fleetdm/fleet | le | 3.5.0 | |
| github.com/fleetdm/fleet | le | 3.5.0 |
References
github.com/fleetdm/fleet/blob/master/CHANGELOG.md#fleet-351-dec-14-2020
github.com/fleetdm/fleet/commit/57812a532e5f749c8e18c6f6a652eca65c083607
github.com/fleetdm/fleet/security/advisories/GHSA-w3wf-cfx3-6gcx
github.com/mattermost/xml-roundtrip-validator
mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities
Related
ubuntucve
ubuntucve
CVE-2020-26276
2020-12-17 00:00:00
cvelist
cvelist
CVE-2020-26276 SAML authentication vulnerability in Fleet
2020-12-17 19:40:14
nvd
nvd
CVE-2020-26276
2020-12-17 20:15:13
github
github
SAML authentication vulnerability due to stdlib XML parsing
2022-02-11 23:59:14
prion
prion
Authentication flaw
2020-12-17 20:15:00
osv
osv
SAML authentication vulnerability due to stdlib XML parsing
2022-02-11 23:59:14
CVE-2020-26276
2020-12-17 20:15:13
cve
cve
CVE-2020-26276
2020-12-17 20:15:13