Vulnerability Description
Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.12.x versions prior to 1.12.4 and 1.13.x prior to 1.13.1 are vulnerable to user impersonation attack.If two users are logged in to the SSO operator dashboard at the same time, with the same username, from two different identity providers, one can acquire the token of the other and thus operate with their permissions. Note: Foundation may be vulnerable only if: 1) The system zone is set up to use a SAML identity provider 2) There are internal users that have the same username as users in the external SAML provider 3) Those duplicate-named users have the scope to access the SSO operator dashboard 4) The vulnerability doesn't appear with LDAP because of chained authentication.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Single Sign-On For Tanzu | < 1.11.3 |
Related Weaknesses (CWE)
References
- https://tanzu.vmware.com/security/cve-2020-5425Vendor Advisory
- https://tanzu.vmware.com/security/cve-2020-5425Vendor Advisory
FAQ
What is CVE-2020-5425?
CVE-2020-5425 is a vulnerability with a CVSS score of 7.9 (HIGH). Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.12.x versions prior to 1.12.4 and 1.13.x prior to 1.13.1 are vulnerable to user impersonation attack.If two users are logged in to the S...
How severe is CVE-2020-5425?
CVE-2020-5425 has been rated HIGH with a CVSS base score of 7.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-5425?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Single Sign-On For Tanzu.