CVE-2020-27847

CRITICAL9.8EPSS 0.36%

Authentication Bypass in dex

發布日:2021/12/20修改日:2026/3/13

描述

A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation. This flaw allows an attacker to bypass SAML authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects dex versions before 2.27.0.

受影響套件(1)

Go/github.com/dexidp/dexfrom 0, < 2.27.0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-27847
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=1907732
WEBhttps://github.com/dexidp/dex/security/advisories/GHSA-m9hp-7r99-94h5
WEBhttps://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities