Skip to content

SAML authentication vulnerability due to stdlib XML parsing

High severity GitHub Reviewed Published Dec 15, 2020 in fleetdm/fleet • Updated Feb 1, 2023

Package

gomod github.com/fleetdm/fleet/v4 (Go)

Affected versions

< 3.5.1

Patched versions

3.5.1

Description

Impact

Due to issues in Go's standard library XML parsing, a valid SAML response may be mutated by an attacker to modify the trusted document. This can result in allowing unverified logins from a SAML IdP.

Users that configure Fleet with SSO login may be vulnerable to this issue.

Patches

This issue is patched in 3.5.1 using https://github.com/mattermost/xml-roundtrip-validator.

Workarounds

If upgrade to 3.5.1 is not possible, users should disable SSO authentication in Fleet.

References

See https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/ for more information about the underlying vulnerabilities.

For more information

If you have any questions or comments about this advisory:

References

@zwass zwass published to fleetdm/fleet Dec 15, 2020
Published by the National Vulnerability Database Dec 17, 2020
Reviewed May 21, 2021
Published to the GitHub Advisory Database Feb 11, 2022
Last updated Feb 1, 2023

Severity

High

EPSS score

0.590%
(79th percentile)

Weaknesses

CVE ID

CVE-2020-26276

GHSA ID

GHSA-w3wf-cfx3-6gcx

Source code

No known source code
Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.