
====================================================================

                             CERT-Renater

                 Information Note No. 2020/VULN129
_____________________________________________________________________

DATE                : 12/03/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running SAML Service Provider for Drupal,
                     versions prior to 8.x-3.7.

=====================================================================
https://www.drupal.org/sa-contrib-2020-006
_____________________________________________________________________

SAML Service Provider - Critical - Access bypass - SA-CONTRIB-2020-006

Project: SAML Service Provider
Date: 2020-March-11
Security risk:
Critical 15/25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Access bypass


Description:

This module enables you to authenticate Drupal users using an external
SAML Identity Provider.

If the site is configured to allow visitors to register for user
accounts but administrator approval is required, the module doesn't
sufficiently enforce the administrative approval requirement, in the
case where the requesting user has already authenticated through SAML.

This vulnerability is mitigated by the fact that user accounts created
in this way have only default roles, which may not have access
significantly beyond that of an anonymous user. To mitigate the
vulnerability without upgrading, sites could disable public registration.
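
The following is an added illustration of the control the advisory says was
not enforced; it is not code from the SAML Service Provider module. It
assumes a hypothetical helper that is called after the SAML assertion has
already been validated, with $name_id and $email taken from that assertion,
and it uses only Drupal 8 core APIs (user.settings:register, UserInterface
constants, User entity, _user_mail_notify).

```php
<?php

use Drupal\user\Entity\User;
use Drupal\user\UserInterface;

/**
 * Look up or provision the Drupal account for an authenticated SAML user.
 *
 * Hypothetical helper (not the module's own code). Returns the account that
 * may be logged in, or NULL when site registration policy forbids login yet.
 */
function example_saml_provision_account(string $name_id, string $email): ?UserInterface {
  $existing = user_load_by_name($name_id);
  if ($existing instanceof UserInterface) {
    // A blocked account is still waiting for administrator approval:
    // a fresh SAML assertion must not log it in.
    return $existing->isActive() ? $existing : NULL;
  }

  // Site-wide registration policy, as set by the administrator.
  $policy = \Drupal::config('user.settings')->get('register');
  if ($policy === UserInterface::REGISTER_ADMIN_ONLY) {
    // Self-registration is disabled; a valid assertion does not change that.
    return NULL;
  }

  $account = User::create(['name' => $name_id, 'mail' => $email]);

  if ($policy === UserInterface::REGISTER_VISITORS_ADMIN_APPROVAL) {
    // The flaw described above amounts to activating the account here because
    // the IdP already vouched for the identity. Policy requires an
    // administrator to approve it, so create it blocked and notify the user.
    $account->block();
    $account->save();
    _user_mail_notify('register_pending_approval', $account);
    return NULL;
  }

  // Open registration: the account may be activated and logged in.
  $account->activate();
  $account->save();
  return $account;
}
```

A caller would only pass a non-NULL result to user_login_finalize(); the NULL
branches are where an admin-approval bypass would otherwise occur.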


Solution:

Install the latest version:

    If you use the SAML Service Provider module for Drupal 8.x, upgrade
    to SAML Service Provider 8.x-3.7.

Also see the SAML Service Provider project page.


Reported By:

    J Proctor

Fixed By:

    J Proctor
    James Glasgow

Coordinated By:

    Greg Knaddison of the Drupal Security Team



=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================



