CVE-2020-27847
CRITICALdex < 2.27.0 - SAML Authentication Bypass via Signature Validation
Title source: llmDescription
A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation. This flaw allows an attacker to bypass SAML authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects dex versions before 2.27.0.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1907732
Patch, Third Party Advisory x_refsource_misc
https://github.com/dexidp/dex/security/advisories/GHSA-m9hp-7r99-94h5
Scores
CVSS v3
9.8
EPSS
0.0172
EPSS Percentile
74.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-228
Status
published
Products (2)
dexidp/dex
0 - 2.27.0Go
linuxfoundation/dex
< 2.27.0
Published
May 28, 2021
Tracked Since
Feb 18, 2026