← Volver a CVEs
CVE-2020-27847
CRITICAL9.8
Descripcion
A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation. This flaw allows an attacker to bypass SAML authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects dex versions before 2.27.0.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado5/28/2021
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
linuxfoundation:dex
Debilidades (CWE)
CWE-228
Referencias
https://bugzilla.redhat.com/show_bug.cgi?id=1907732(secalert@redhat.com)
https://github.com/dexidp/dex/security/advisories/GHSA-m9hp-7r99-94h5(secalert@redhat.com)
https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=1907732(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/dexidp/dex/security/advisories/GHSA-m9hp-7r99-94h5(af854a3a-2127-422b-91ae-364da2661108)
https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.