On Monday the 14th of December, the Mattermost team concluded their joint disclosure of issues found in a popular Golang XML parser that is also used in Kopano Konnect.
Users of Kopano Konnect who sign in to Konnect through a SAML authority are advised to update Konnect to version 0.33.11 or later.
The upstream advisory can be found at crewjam/saml – GHSA-4hq8-gmxx-h6w9
Affected products:
- Kopano Konnect < 0.33.11
References:
- CVE-2020-29509
- CVE-2020-29510
- CVE-2020-29511
- https://github.com/mattermost/xml-roundtrip-validator