CRITICAL🇵🇱 Wersja polska

CVE-2020-27847

CVSS 9.8v3.1pub. 2021-05-28upd. 2024-11-21

A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation. This flaw allows an attacker to bypass SAML authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects dex versions before 2.27.0.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Linuxfoundation Dex

    APP
    Linuxfoundation
    < 2.27.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-39222CRITICAL9.3ten sam produkt

Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex instances with...

CVE-2020-26290CRITICAL9.3ten sam produkt

Dex is a federated OpenID Connect provider written in Go. In Dex before version 2.27.0 there is a critical set...

CVE-2024-23656HIGH7.5ten sam produkt

Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves ...

CVE-2026-53488CRITICAL9.4ten sam vendor

containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 t...

CVE-2026-44477CRITICAL9.4PL ✓ten sam vendor

CloudNativePG: eskalacja uprawnień do superużytkownika PostgreSQL przez metrics exporter