
Test ID: 1.3.6.1.4.1.25623.1.0.149215
Category: Privilege escalation
Title: Grafana 6.3.0-beta1 < 8.5.16, 9.x < 9.2.8, 9.3.0 < 9.3.2 SAML Privilege Escalation Vulnerability (GHSA-5hcf-rqj9-xh96)
Summary: Grafana is prone to a privilege escalation vulnerability via SAML.
Description: Summary:
Grafana is prone to a privilege escalation vulnerability via
SAML.

Vulnerability Insight:
Grafana Enterprise uses the crewjam/saml library for SAML
integration. On Nov 30, 2022 an advisory and the relevant fix were published in the upstream library,
describing a vulnerability that allows privilege escalation when processing SAML responses
containing multiple assertions.

The vulnerability can be exploited only when the SAML response document itself is not signed and
multiple assertions are used, at least one of which is signed. As a result, an attacker who can
intercept the SAML response could add an unsigned assertion, which the library would treat as
signed.

Affected Software/OS:
Grafana version 6.3.0-beta1 through 9.3.1.

Solution:
Update to version 8.5.16, 9.2.8, 9.3.2 or later.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2022-41912
https://github.com/crewjam/saml/security/advisories/GHSA-j2jp-wvqg-wc2g
http://packetstormsecurity.com/files/170356/crewjam-saml-Signature-Bypass.html
https://github.com/crewjam/saml/commit/aee3fb1edeeaf1088fcb458727e0fd863d277f8b
Copyright: Copyright (C) 2023 Greenbone Networks GmbH

© 1998-2025 E-Soft Inc. All rights reserved.