UBUNTU-CVE-2021-33054

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2021-33054

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-33054.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2021-33054

Upstream

CVE-2021-33054

Published

2021-06-04T15:15:00Z

Modified

2025-07-14T06:45:38.439380Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- medium

Summary

[none]

Details

SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives. Any actor with network access to the deployment could impersonate users when SAML is the authentication method. (Only versions after 2.0.5a are affected.)

References

Affected packages

Ubuntu:Pro:16.04:LTS / sogo

Package

Name: sogo
Purl: pkg:deb/ubuntu/sogo@2.2.17a-1.1build1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.17a-1

2.2.17a-1.1

2.2.17a-1.1build1

Ubuntu:Pro:18.04:LTS / sogo

Package

Name: sogo
Purl: pkg:deb/ubuntu/sogo@3.2.10-1build1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.2.10-1

3.2.10-1build1

Ubuntu:Pro:20.04:LTS / sogo

Package

Name: sogo
Purl: pkg:deb/ubuntu/sogo@4.3.0-1?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.0.8-1

4.1.0-1

4.1.1-1

4.3.0-1

Ubuntu:22.04:LTS / sogo

Package

Name: sogo
Purl: pkg:deb/ubuntu/sogo@5.5.1-1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.1.0-1

5.2.0-1

5.2.0-3

5.3.0-1

5.3.0-1build2

5.4.0-1

5.5.0-1

5.5.1-1

Ubuntu:25.04 / sogo

Package

Name: sogo
Purl: pkg:deb/ubuntu/sogo@5.11.2-4?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.11.0-1

5.11.2-1

5.11.2-1build1

5.11.2-3build1

5.11.2-4