CRITICAL🇬🇧 English

CVE-2020-27847

CVSS 9.8v3.1pub. 2021-05-28upd. 2024-11-21

A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation. This flaw allows an attacker to bypass SAML authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects dex versions before 2.27.0.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Linuxfoundation Dex

    APP
    Linuxfoundation
    < 2.27.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2022-39222CRITICAL9.3ten sam produkt

Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex instances with...

CVE-2020-26290CRITICAL9.3ten sam produkt

Dex is a federated OpenID Connect provider written in Go. In Dex before version 2.27.0 there is a critical set...

CVE-2024-23656HIGH7.5ten sam produkt

Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves ...

CVE-2026-53488CRITICAL9.4ten sam vendor

containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 t...

CVE-2026-44477CRITICAL9.4PL ✓ten sam vendor

CloudNativePG: eskalacja uprawnień do superużytkownika PostgreSQL przez metrics exporter

CVE-2020-27847 — CRITICAL 9.8 | CVEbaza.pl