[Security-news] SAML Service Provider - Critical - Access bypass - SA-CONTRIB-2020-006
security-news at drupal.org
security-news at drupal.org
Wed Mar 11 16:31:34 UTC 2020
View online: https://www.drupal.org/sa-contrib-2020-006
Project: SAML Service Provider [1]
Date: 2020-March-11
Security risk: *Critical* 15∕25
AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Default [2]
Vulnerability: Access bypass
Description:
This module enables you to authenticate Drupal users using an external SAML
Identity Provider.
If the site is configured to allow visitors to register for user accounts but
administrator approval is required, the module doesn't sufficiently enforce
the administrative approval requirement, in the case where the requesting
user has already authenticated through SAML.
This vulnerability is mitigated by the fact that user accounts created in
this way have only default roles, which may not have access significantly
beyond that of an anonymous user. To mitigate the vulnerability without
upgrading sites could disable public registration.
Solution:
Install the latest version:
* If you use the SAML Service Provider module for Drupal 8.x, upgrade to
SAML Service Provider 8.x-3.7 [3]
Also see the SAML Service Provider [4] project page.
Reported By:
* J Proctor [5]
Fixed By:
* J Proctor [6]
* James Glasgow [7]
Coordinated By:
* Greg Knaddison [8] of the Drupal Security Team
[1] https://www.drupal.org/project/saml_sp
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/saml_sp/releases/8.x-3.7
[4] https://www.drupal.org/project/saml_sp
[5] https://www.drupal.org/user/1194192
[6] https://www.drupal.org/user/1194192
[7] https://www.drupal.org/user/36590
[8] https://www.drupal.org/user/36762
More information about the Security-news
mailing list