CVE-2020-27847

ADVISORY - github

Summary

A vulnerability exists in the SAML connector of the github.com/dexidp/dex library, which is used to process SAML signature validation. This flaw allows an attacker to bypass SAML authentication. The highest threat from this vulnerability is to confidentiality and integrity, as well as to system availability. This flaw affects dex versions before 2.27.0.

EPSS Score: 0.00357 (0.576)

Common Weakness Enumeration (CWE)

ADVISORY - nist

Improper Handling of Syntactically Invalid Structure

ADVISORY - github

Improper Handling of Syntactically Invalid Structure

Authentication Bypass by Spoofing

ADVISORY - gitlab

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

Improper Handling of Syntactically Invalid Structure

Authentication Bypass by Spoofing

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

Improper Handling of Syntactically Invalid Structure

Authentication Bypass by Spoofing

