CVE: Common Vulnerabilities and Exposures

alert

Notice: Keyword searching of CVE Records is now available in the search box above. Keywords may include a CVE ID (e.g., CVE-2024-1234), or one or more keywords separated by a space (e.g., authorization, SQL Injection, cross site scripting, etc.). Learn more here.

alert

Notice: Keyword searching of CVE Records is now available in the search box above. Keywords may include a CVE ID (e.g., CVE-2024-1234), or one or more keywords separated by a space (e.g., authorization, SQL Injection, cross site scripting, etc.). Learn more here.

Expand or collapse notification button

Required CVE Record Information

Description

A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation. This flaw allows an attacker to bypass SAML authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects dex versions before 2.27.0.

CWE 1 Total

CWE-228: CWE-228->CWE-290

Product Status

Versions 1 Total

Default Status: unknown

affected

References 3 Total

Updated: 2024-08-04

This container includes required additional information provided by the CVE Program for this vulnerability.

References 3 Total

https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
external site
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=1907732
external site
x_transferred
https://github.com/dexidp/dex/security/advisories/GHSA-m9hp-7r99-94h5
external site
x_transferred