grouper-users - [grouper-users] Security advisory GRP-2705 for Grouper
Subject: Grouper Users - Open Discussion List
List archive
- From: "Hyzer, Chris" <>
- To: " Mailing List" <>, "" <>
- Subject: [grouper-users] Security advisory GRP-2705 for Grouper
- Date: Thu, 14 May 2020 20:16:35 +0000
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=isc.upenn.edu; dmarc=pass action=none header.from=isc.upenn.edu; dkim=pass header.d=isc.upenn.edu; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7sy+XMHwYVCFal3ToReabgHUlAtfnrLT/KmX0E8wLpE=; b=Of93gXhqNOYod5ZFX07IlRvbJy6vpkhIuufWo9khTw0LD11cgteUQ0Zn6V4z++Vf6ZhEZ3LJQw6mo0LH4cMoxZyLcBJeah7nES812miS5G99+xcTtTeCr2so8rOy6f6462AQAP3WIMDIytqsZl6ApIrny22fyY9/R+QwVwsTShJGSDA1iEwFBSthrYXbMraXJt+EZZTJ/9JCXMeMYW0zOl4ta83Rx0g4G9eDhYGVk6JM4eEACy/1o1DLvuzuFJ9br8r/+HxzGH6WlUy2CNQkEBnAS2SZQDaxuy7XJ9+0Y6oNzQxiTdWLxiO8dhMMFfM50o7wMMY4ua/AM7xgHq6cNg==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=DjOnUg3yTETECrFjh9gqd0zS3HMPlAYlNOtqzEE9R1UoVo5GfqwpzJ7Hg4KlIEj2JxidpVUR9NUYerfzZlRGU9t1q5h+km1nqvLdr95f51noxZ3KSSAmglPovByGZWsn3gR/EP+pZKmP2xaZC9wy7Tfm1ThrX7kOUWioJAWzEfMtzgyEEa4AAsvJRAwt0XkCuC7nueLiEP7xJxRuS3ReHF2HeW+K3ZgNk50zy76qiqcKOPV9DrT11nPkeayTbjxPLEGP8R0VTKPWs3nfAa8voITyBQKfZJPjnoFC+rwQBfk5gcZXMk6ziFL94XNYnJR3cJkAkUZNX+cEMZ65S8B67Q==
Hello,
Grouper has a low severity security vulnerability, affecting the following versions of Grouper:
- 2.4 ui patch 46+ - 2.5 up to 2.5.27
Even if you are running an applicable version of Grouper, you still need to check to see if you are affected. Upgrade to 2.5.28 or follow instructions for an alternate remediation.
Exploitation of this vulnerability could lead to Grouper admins at your institution to be able to view some encrypted configurations from the UI. For full details, please see the advisory linked below.
https://todos.internet2.edu/browse/GRP-2705
Thanks Chris Hyzer Internet2 Grouper Lead |
- [grouper-users] Security advisory GRP-2705 for Grouper, Hyzer, Chris, 05/14/2020
Archive powered by MHonArc 2.6.19.