Skip to main content

Grafana CVE-2020-27846

CRITICAL
Misinterpretation of Input (CWE-115)
2020-12-21 secalert@redhat.com
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 21, 2020 - 16:15 nvd
CRITICAL 9.8

DescriptionNVD

A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

AnalysisAI

A signature verification vulnerability exists in crewjam/saml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-115. A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Affected products include: Grafana, Saml Project Saml, Redhat Openshift Container Platform, Redhat Openshift Service Mesh, Redhat Enterprise Linux.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2023-34111 CRITICAL POC
9.8 Jun 06

The `Release PR Merged` workflow in the github repo taosdata/grafanaplugin is subject to a command injection vulnerabili

CVE-2022-26148 CRITICAL POC
9.8 Mar 21

An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. Rated critical severity (CVSS 9.8), this

CVE-2018-15727 CRITICAL POC
9.8 Aug 29

Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generat

CVE-2024-9264 CRITICAL POC
9.4 Oct 18

The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input.

CVE-2023-36649 CRITICAL POC
9.1 Dec 12

Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows re

CVE-2025-4123 HIGH POC
7.6 May 22

A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redire

CVE-2020-13379 HIGH POC
8.2 Jun 03

The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. Rated high severity (CVSS

CVE-2023-1387 HIGH POC
7.5 Apr 26

Grafana is an open-source platform for monitoring and observability. Rated high severity (CVSS 7.5), this vulnerability

CVE-2022-32276 HIGH POC
7.5 Jun 17

Grafana 8.4.3 allows unauthenticated access via (for example) a /dashboard/snapshot/*?orgId=0 URI. Rated high severity (

CVE-2022-32275 HIGH POC
7.5 Jun 06

Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. Rated high

CVE-2021-43798 HIGH POC
7.5 Dec 07

Grafana is an open-source platform for monitoring and observability. Rated high severity (CVSS 7.5), this vulnerability

CVE-2021-27358 HIGH POC
7.5 Mar 18

The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of

Share

CVE-2020-27846 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy