$ cat >> /var/ossec/etc/rules/local_rules.xml <<EOF
  <rule id="100012" level="0">
    <field name="vulnerability.cve">CVE-2020-27846</field>

The grafana instance runs localy and has no network interaction does not use SAML and is therefore not in the scope of this CVE.

@nesousx & @Pimthepoi please let me know if you have a different opinion.

The Debian page reads NOT-FOR-US:, presumably because the vulnerable code is not included in the distribution.

@Pimthepoi shouldn’t this be ignored by wazuh ?

1 Like


I also think this can safely be ignored. Our Grafana instance doesn’t use SAML authentication.

Sam 26 déc 2020, à 11:28, Loïc Dachary via Enough a écrit :


Agreed, We can add it to the wazuh local rules ! However, I don’t think Not-for-us should prevent wazuh from sending an alert.

1 Like

Since SAML is not packaged for Debian, what would the CVE alert be about?