Lucene search

CVE-2024-23656

🗓️ 25 Jan 2024 20:41:15Reported by GoogleType

osv🔗 osv.dev👁 13 Views

Dex 2.37.0 TLS security vulnerability fixed in version 2.38.0

Reporter	Title	Published	Views	Family All 11
OSV	CGA-JMWF-RPP8-M7FH	6 Jun 202412:28	–	osv
OSV	Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers	26 Jan 202401:57	–	osv
OSV	GO-2024-2476 Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers in github.com/dexidp/dex	28 Jun 202415:28	–	osv
Cvelist	CVE-2024-23656 Dex 2.37.0 is discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers	25 Jan 202419:45	–	cvelist
NVD	CVE-2024-23656	25 Jan 202420:15	–	nvd
Prion	Authentication flaw	25 Jan 202420:15	–	prion
Veracode	Inadequate TLS Encryption	29 Jan 202408:00	–	veracode
Wolfi	CVE-2024-23656 vulnerabilities	25 Jan 202420:15	–	wolfi
CVE	CVE-2024-23656	25 Jan 202420:15	–	cve
Github Security Blog	Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers	26 Jan 202401:57	–	github

Source	Link
github	www.github.com/dexidp/dex/security/advisories/GHSA-gr79-9v6v-gc9r
github	www.github.com/dexidp/dex/commit/5bbdb4420254ba73b9c4df4775fe7bdacf233b17
github	www.github.com/dexidp/dex/pull/2964
github	www.github.com/dexidp/dex/issues/2848
github	www.github.com/dexidp/dex/blob/70d7a2c7c1bb2646b1a540e49616cbc39622fb83/cmd/dex/serve.go

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

25 Jan 2024 20:15Current

6.8Medium risk

Vulners AI Score6.8

CVSS37.5

EPSS0.00129