Sign In

CVE-2020-26290

ADVISORY - github

Summary

Impact

The following vulnerabilities have been disclosed, which impact users leveraging the SAML connector:

Signature Validation Bypass (CVE-2020-15216): https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-q547-gmf8-8jr7

encoding/xml instabilities:

Patches

Immediately update to Dex v2.27.0.

Workarounds

There are no known workarounds.

EPSS Score: 0.005 (0.656)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-347

Improper Verification of Cryptographic Signature

ADVISORY - github

CWE-347

Improper Verification of Cryptographic Signature

ADVISORY - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-347

Improper Verification of Cryptographic Signature

CWE-707

Improper Neutralization

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-228

Improper Handling of Syntactically Invalid Structure

CWE-290

Authentication Bypass by Spoofing

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

Impacted images

Advisories
Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in