
Test ID: 1.3.6.1.4.1.25623.1.0.149215
Category: Privilege escalation
Title: Grafana 6.3.0-beta1 < 8.5.16, 9.x < 9.2.8, 9.3.0 < 9.3.2 SAML Privilege Escalation Vulnerability (GHSA-5hcf-rqj9-xh96)
Summary: Grafana is prone to a privilege escalation vulnerability via SAML.
Description:
Summary:
Grafana is prone to a privilege escalation vulnerability via SAML.

Vulnerability Insight:
Grafana Enterprise uses the crewjam/saml library for its SAML integration. On Nov 30, 2022 an
advisory and the corresponding fix were published for the upstream library, describing a
vulnerability that allows privilege escalation when processing SAML responses containing
multiple assertions.

The vulnerability can be exploited only when the SAML document itself is not signed and multiple
assertions are used, at least one of which is signed. In that situation an attacker who can
intercept the SAML response can add an arbitrary unsigned assertion, which the library then
treats as signed.
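A defender-side structural check for the condition described above, added here as an example that is not part of the crewjam/saml library or the Grafana fix. It assumes only Go's standard library and rejects an unsigned Response in which any Assertion lacks its own Signature element (the shape the advisory describes); cryptographic verification of the signatures that are present is left to the caller. The sample documents are constructed, not real IdP output.

```go
package main

import "encoding/xml"
import "fmt"

// Structural model of a SAML Response. encoding/xml tags use the "namespace-URL local-name"
// form and match direct children only, so an Assertion's own ds:Signature is never taken
// for a Response-level one.
type dsSignature struct{}
type samlAssertion struct {
	ID        string       `xml:"ID,attr"`
	Signature *dsSignature `xml:"http://www.w3.org/2000/09/xmldsig# Signature"`
}
type samlResponse struct {
	XMLName    xml.Name        `xml:"urn:oasis:names:tc:SAML:2.0:protocol Response"`
	Signature  *dsSignature    `xml:"http://www.w3.org/2000/09/xmldsig# Signature"`
	Assertions []samlAssertion `xml:"urn:oasis:names:tc:SAML:2.0:assertion Assertion"`
}

// CheckAssertionSignatures returns nil only if the whole Response is signed or every Assertion
// carries its own Signature. It is a structural pre-check; each present signature must still
// be cryptographically verified afterwards.
func CheckAssertionSignatures(doc []byte) error {
	var r samlResponse
	if err := xml.Unmarshal(doc, &r); err != nil {
		return err
	}
	if r.Signature != nil {
		return nil // one Response-level signature covers every assertion
	}
	if len(r.Assertions) == 0 {
		return fmt.Errorf("unsigned response with no assertions")
	}
	for i, a := range r.Assertions {
		if a.Signature == nil {
			return fmt.Errorf("assertion %d (ID=%q) is unsigned in an unsigned response", i, a.ID)
		}
	}
	return nil
}

const ns = `xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"`

// Constructed samples: an unsigned Response carrying a signed a1 plus an injected unsigned a2,
// and one where every assertion is signed.
var MixedResponse = `<samlp:Response ` + ns + `><saml:Assertion ID="a1"><ds:Signature/></saml:Assertion><saml:Assertion ID="a2"/></samlp:Response>`
var AllSignedResponse = `<samlp:Response ` + ns + `><saml:Assertion ID="a1"><ds:Signature/></saml:Assertion><saml:Assertion ID="a2"><ds:Signature/></saml:Assertion></samlp:Response>`

func main() {
	fmt.Println("mixed:", CheckAssertionSignatures([]byte(MixedResponse)))
	fmt.Println("all signed:", CheckAssertionSignatures([]byte(AllSignedResponse)))
}
```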

Affected Software/OS:
Grafana version 6.3.0-beta1 through 9.3.1.

Solution:
Update to version 8.5.16, 9.2.8, 9.3.2 or later.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross reference: Common Vulnerability Exposure (CVE) ID: CVE-2022-41912
https://github.com/crewjam/saml/security/advisories/GHSA-j2jp-wvqg-wc2g
http://packetstormsecurity.com/files/170356/crewjam-saml-Signature-Bypass.html
https://github.com/crewjam/saml/commit/aee3fb1edeeaf1088fcb458727e0fd863d277f8b
Copyright: Copyright (C) 2023 Greenbone Networks GmbH

© 1998-2025 E-Soft Inc. All rights reserved.