A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation. This flaw allows an attacker to bypass SAML authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects dex versions before 2.27.0.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HLinuxfoundation Dex
APPLinuxfoundation< 2.27.0
Related vulnerabilities
Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex instances with...
Dex is a federated OpenID Connect provider written in Go. In Dex before version 2.27.0 there is a critical set...
Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves ...
containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 t...
CloudNativePG: eskalacja uprawnień do superużytkownika PostgreSQL przez metrics exporter