Vulnerability in Dexidp/dex

CVE-2020-27847

A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation. This flaw allows an attacker to bypass SAML authentication. The highest threat from this vulnerability is to confi…

EPSS: 0.004 (58.3th percentile) — read the EPSS interpretation.

Affected products

N/a Dexidp/dex — versions dex 2.27.0

Weakness classification (CWE)

CWE-228

References

mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/ (x_refsource_MISC)
bugzilla.redhat.com/show_bug.cgi (x_refsource_MISC)
github.com/dexidp/dex/security/advisories/GHSA-m9hp-7r99-94h5 (x_refsource_MISC)