6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.004 Low
EPSS
Percentile
73.7%
The following vulnerabilities have been disclosed, which impact users leveraging the SAML connector:
Signature Validation Bypass (CVE-2020-15216): https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-q547-gmf8-8jr7
encoding/xml
instabilities:
Immediately update to Dex v2.27.0.
There are no known workarounds.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/russellhaering/goxmldsig | lt | 1.1.0 | |
github.com/dexidp/dex | lt | 2.27.0 |
github.com/advisories/GHSA-m9hp-7r99-94h5
github.com/dexidp/dex/commit/324b1c886b407594196113a3dbddebe38eecd4e8
github.com/dexidp/dex/releases/tag/v2.27.0
github.com/dexidp/dex/security/advisories/GHSA-m9hp-7r99-94h5
github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-attributes.md
github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-directives.md
github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-elements.md
github.com/russellhaering/goxmldsig/commit/f6188febf0c29d7ffe26a0436212b19cb9615e64
github.com/russellhaering/goxmldsig/security/advisories/GHSA-q547-gmf8-8jr7
mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
nvd.nist.gov/vuln/detail/CVE-2020-26290
pkg.go.dev/vuln/GO-2020-0050
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.004 Low
EPSS
Percentile
73.7%