CVE-2020-27846

$ cat >> /var/ossec/etc/rules/local_rules.xml <<EOF
  <rule id="100012" level="0">
    <if_sid>23506</if_sid>
    <field name="vulnerability.cve">CVE-2020-27846</field>
    <description>https://forum.enough.community/t/688</description>
  </rule>
EOF

The Grafana instance runs locally and has no network interaction, does not use SAML, and is therefore not in the scope of this CVE.

@nesousx & @Pimthepoi please let me know if you have a different opinion.

The Debian page reads NOT-FOR-US: github.com/crewjam/saml, presumably because the vulnerable code is not included in the distribution.

@Pimthepoi shouldn’t this be ignored by Wazuh?

Hi,

I also think this can safely be ignored. Our Grafana instance doesn’t use SAML authentication.

On Sat 26 Dec 2020, at 11:28, Loïc Dachary via Enough wrote:

Agreed, we can add it to the Wazuh local rules! However, I don’t think Not-for-us should prevent Wazuh from sending an alert.

Since SAML is not packaged for Debian, what would the CVE alert be about?