Impact
Due to issues in Go's standard library XML parsing, a valid SAML response may be mutated by an attacker to modify the trusted document. This can result in allowing unverified logins from a SAML IdP.
Users that configure Fleet with SSO login may be vulnerable to this issue.
Patches
This issue is patched in 3.5.1 using https://github.com/mattermost/xml-roundtrip-validator.
Workarounds
If upgrade to 3.5.1 is not possible, users should disable SSO authentication in Fleet.
References
See https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/ for more information about the underlying vulnerabilities.
For more information
If you have any questions or comments about this advisory:
References
Impact
Due to issues in Go's standard library XML parsing, a valid SAML response may be mutated by an attacker to modify the trusted document. This can result in allowing unverified logins from a SAML IdP.
Users that configure Fleet with SSO login may be vulnerable to this issue.
Patches
This issue is patched in 3.5.1 using https://github.com/mattermost/xml-roundtrip-validator.
Workarounds
If upgrade to 3.5.1 is not possible, users should disable SSO authentication in Fleet.
References
See https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/ for more information about the underlying vulnerabilities.
For more information
If you have any questions or comments about this advisory:
References