Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-27847

A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation. This flaw allows an attacker to bypass SAML authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects dex versions before 2.27.0.

Published

2021-05-28T11:15:07.703

Last Modified

2024-11-21T05:21:55.627

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-228

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	linuxfoundation	dex	< 2.27.0	Yes

References

https://bugzilla.redhat.com/show_bug.cgi?id=1907732 Issue Tracking, Third Party Advisory ([email protected])
https://github.com/dexidp/dex/security/advisories/GHSA-m9hp-7r99-94h5 Patch, Third Party Advisory ([email protected])
https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/ Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=1907732 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/dexidp/dex/security/advisories/GHSA-m9hp-7r99-94h5 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)