7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.7 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
26.0%
Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers in github.com/dexidp/dex
github.com/dexidp/dex/blob/70d7a2c7c1bb2646b1a540e49616cbc39622fb83/cmd/dex/serve.go#L425
github.com/dexidp/dex/commit/5bbdb4420254ba73b9c4df4775fe7bdacf233b17
github.com/dexidp/dex/issues/2848
github.com/dexidp/dex/pull/2964
github.com/dexidp/dex/security/advisories/GHSA-gr79-9v6v-gc9r
nvd.nist.gov/vuln/detail/CVE-2024-23656
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.7 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
26.0%