Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
Vulnerabilities for
'DEX'
2021-05-28
CVE-2020-27847
CWE-228
A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation. This flaw allows an attacker to bypass SAML authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects dex versions before 2.27.0.
2020-12-28
CVE-2020-26290
CWE-347
Dex is a federated OpenID Connect provider written in Go. In Dex before version 2.27.0 there is a critical set of vulnerabilities which impacts users leveraging the SAML connector. The vulnerabilities enables potential signature bypass due to issues with XML encoding in the underlying Go library. The vulnerabilities have been addressed in version 2.27.0 by using the xml-roundtrip-validator from Mattermost (see related references).
>>>
Vendor:
Linuxfoundation
32
Products
Foomatic-filters
XEN
DOJO
DEX
Fabric
Foomatic
Cups-filters
CEPH
RUNC
Harbor
Osquery
Open network operating system
ACRN
The update framework
Dojox
Argo continuous delivery
Free range routing
Jaeger
Nats-server
Containerd
Spinnaker
Indy-node
BESU
Argo-cd
Umoci
Backstage
Grpc swift
Cortex
Open container initiative distribution specification
Open container initiative image format specification
Auth backend
Kubeedge
Copyright
2024
, cxsecurity.com
Back to Top