CVE-2020-5425 : Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.12.x versions pr

Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.12.x versions prior to 1.12.4 and 1.13.x prior to 1.13.1 are vulnerable to user impersonation attack.If two users are logged in to the SSO operator dashboard at the same time, with the same username, from two different identity providers, one can acquire the token of the other and thus operate with their permissions. Note: Foundation may be vulnerable only if: 1) The system zone is set up to use a SAML identity provider 2) There are internal users that have the same username as users in the external SAML provider 3) Those duplicate-named users have the scope to access the SSO operator dashboard 4) The vulnerability doesn't appear with LDAP because of chained authentication.

Published 2020-10-31 22:15:12

Updated 2020-11-17 18:33:33

Source Pivotal Software, Inc.

View at NVD, CVE.org

Vulnerability category: BypassGain privilege

Products affected by CVE-2020-5425

Vmware » Single Sign-on For Tanzu
Versions from including (>=) 1.12.0 and before (<) 1.12.4
cpe:2.3:a:vmware:single_sign-on_for_tanzu:*:*:*:*:*:*:*:*
Matching versions
Vmware » Single Sign-on For Tanzu
Versions from including (>=) 1.13.0 and before (<) 1.13.1
cpe:2.3:a:vmware:single_sign-on_for_tanzu:*:*:*:*:*:*:*:*
Matching versions
Vmware » Single Sign-on For Tanzu
Versions before (<) 1.11.3
cpe:2.3:a:vmware:single_sign-on_for_tanzu:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-5425

EPSS FAQ

0.13%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 29 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-5425

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.6	MEDIUM	AV:N/AC:H/Au:S/C:P/I:P/A:P	3.9	6.4	NIST
Access Vector: Network Access Complexity: High Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
7.5	HIGH	CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:H	1.0	6.0	Pivotal Software, Inc.
Attack Vector: Network Attack Complexity: High Privileges Required: High User Interaction: Required Scope: Changed Confidentiality: Low Integrity: High Availability: High
7.9	HIGH	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:H	1.3	6.0	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: Low User Interaction: Required Scope: Changed Confidentiality: Low Integrity: High Availability: High

CWE ids for CVE-2020-5425

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Assigned by:
- nvd@nist.gov (Primary)
- security@pivotal.io (Secondary)

References for CVE-2020-5425

https://tanzu.vmware.com/security/cve-2020-5425

CVE-2020-5425: User Impersonation possible in Tanzu SSO | Security | VMware Tanzu
Vendor Advisory

Jump to

Vulnerability Details : CVE-2020-5425

Products affected by CVE-2020-5425

Exploit prediction scoring system (EPSS) score for CVE-2020-5425

CVSS scores for CVE-2020-5425

CWE ids for CVE-2020-5425

References for CVE-2020-5425