CVE-2020-27847

ADVISORY - github

Summary

A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation. This flaw allows an attacker to bypass SAML authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects dex versions before 2.27.0.

EPSS Score⁠: 0.00357 (0.576)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-228⁠

Improper Handling of Syntactically Invalid Structure

ADVISORY - github

CWE-228⁠

Improper Handling of Syntactically Invalid Structure

CWE-290⁠

Authentication Bypass by Spoofing

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-228⁠

Improper Handling of Syntactically Invalid Structure

CWE-290⁠

Authentication Bypass by Spoofing

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-228⁠

Improper Handling of Syntactically Invalid Structure

CWE-290⁠

Authentication Bypass by Spoofing

Impacted images

Advisories

NIST

CREATED

5 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2020-27847⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

9.8critical

GitHub

CREATED

4 years ago

UPDATED

5 years ago

ADVISORY IDGHSA-2x32-jm95-2cpx⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CWE-228⁠CWE-290⁠

CVSS SCORE

9.8critical

Alpine

CREATED

7 months ago

UPDATED

1 month ago

ADVISORY IDCVE-2020-27847⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

GoLang

CREATED

5 years ago

UPDATED

2 years ago

ADVISORY IDGO-2020-0050⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

GitLab

CREATED

5 years ago

UPDATED

5 years ago

ADVISORY ID

CVE-2020-27847

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-228⁠CWE-290⁠CWE-937⁠

CVSS SCORE

9.8critical

Red Hat

CREATED

5 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2020-27847⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CWE-228⁠CWE-290⁠

CVSS SCORE

9.8critical

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-f5jj-g95c-75vx

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY ID

CGA-qjrf-w56f-p6hw

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY