Skip to Content.
Sympa Menu

grouper-users - [grouper-users] Security advisory GRP-2705 for Grouper

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] Security advisory GRP-2705 for Grouper


Chronological Thread 
  • From: "Hyzer, Chris" <>
  • To: " Mailing List" <>, "" <>
  • Subject: [grouper-users] Security advisory GRP-2705 for Grouper
  • Date: Thu, 14 May 2020 20:16:35 +0000
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=isc.upenn.edu; dmarc=pass action=none header.from=isc.upenn.edu; dkim=pass header.d=isc.upenn.edu; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7sy+XMHwYVCFal3ToReabgHUlAtfnrLT/KmX0E8wLpE=; b=Of93gXhqNOYod5ZFX07IlRvbJy6vpkhIuufWo9khTw0LD11cgteUQ0Zn6V4z++Vf6ZhEZ3LJQw6mo0LH4cMoxZyLcBJeah7nES812miS5G99+xcTtTeCr2so8rOy6f6462AQAP3WIMDIytqsZl6ApIrny22fyY9/R+QwVwsTShJGSDA1iEwFBSthrYXbMraXJt+EZZTJ/9JCXMeMYW0zOl4ta83Rx0g4G9eDhYGVk6JM4eEACy/1o1DLvuzuFJ9br8r/+HxzGH6WlUy2CNQkEBnAS2SZQDaxuy7XJ9+0Y6oNzQxiTdWLxiO8dhMMFfM50o7wMMY4ua/AM7xgHq6cNg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=DjOnUg3yTETECrFjh9gqd0zS3HMPlAYlNOtqzEE9R1UoVo5GfqwpzJ7Hg4KlIEj2JxidpVUR9NUYerfzZlRGU9t1q5h+km1nqvLdr95f51noxZ3KSSAmglPovByGZWsn3gR/EP+pZKmP2xaZC9wy7Tfm1ThrX7kOUWioJAWzEfMtzgyEEa4AAsvJRAwt0XkCuC7nueLiEP7xJxRuS3ReHF2HeW+K3ZgNk50zy76qiqcKOPV9DrT11nPkeayTbjxPLEGP8R0VTKPWs3nfAa8voITyBQKfZJPjnoFC+rwQBfk5gcZXMk6ziFL94XNYnJR3cJkAkUZNX+cEMZ65S8B67Q==

Hello,

 

Grouper has a low severity security vulnerability, affecting the following versions of Grouper:

 

- 2.4 ui patch 46+

- 2.5 up to 2.5.27

 

Even if you are running an applicable version of Grouper, you still need to check to see if you are affected.  Upgrade to 2.5.28 or follow instructions for an alternate remediation.

 

Exploitation of this vulnerability could lead to Grouper admins at your institution to be able to view some encrypted configurations from the UI.  For full details, please see the advisory linked below.

 

https://todos.internet2.edu/browse/GRP-2705

 

Thanks

Chris Hyzer

Internet2 Grouper Lead



  • [grouper-users] Security advisory GRP-2705 for Grouper, Hyzer, Chris, 05/14/2020

Archive powered by MHonArc 2.6.19.

Top of Page