Lucene search
Veracode Vulnerability DatabaseVERACODE:45189HistoryJan 29, 2024 - 8:00 a.m.
Inadequate TLS Encryption
2024-01-2908:00:05
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
vulnerability
tls encryption
htts
traffic
attacker
eavesdrop
software
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
6.7
Confidence
High
EPSS
0.001
Percentile
25.8%
github.com/dexidp/dex is vulnerable to Inadequate TLS Encryption. The vulnerability is due to serving HTTS traffic over insecure TLS 1.0 and TLS 1.1, which allows an attacker to eavesdrop on the traffic.
Related
osv
osv
CGA-jmwf-rpp8-m7fh
2024-06-06 12:28:15
Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers
2024-01-26 01:57:31
CVE-2024-23656
2024-01-25 20:15:41
nvd
nvd
CVE-2024-23656
2024-01-25 20:15:41
cvelist
cvelist
github
github
cgr
cgr
CVE-2024-23656 vulnerabilities
2024-05-19 03:07:16
cve
cve
CVE-2024-23656
2024-01-25 20:15:41
prion
prion
Authentication flaw
2024-01-25 20:15:00
wolfi
wolfi
CVE-2024-23656 vulnerabilities
2024-09-30 03:53:08
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
6.7
Confidence
High
EPSS
0.001
Percentile
25.8%
Related for VERACODE:45189