// For flags

CVE-2020-27847

 

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation. This flaw allows an attacker to bypass SAML authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects dex versions before 2.27.0.

Se presenta una vulnerabilidad en el conector SAML de la biblioteca github.com/dexidp/dex que es usado para procesar la comprobaciĆ³n de firma SAML. Este fallo permite a un atacante omitir la autenticaciĆ³n SAML. La mayor amenaza de esta vulnerabilidad es la confidencialidad, la integridad y la disponibilidad del sistema. Este fallo afecta a dex versiones anteriores a 2.27.0

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-10-27 CVE Reserved
  • 2021-05-28 CVE Published
  • 2024-02-11 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-228: Improper Handling of Syntactically Invalid Structure
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linuxfoundation
Search vendor "Linuxfoundation"
 Dex
Search vendor "Linuxfoundation" for product "Dex"
 < 2.27.0
Search vendor "Linuxfoundation" for product "Dex" and version " < 2.27.0"
-
Affected