CVE-2022-39222
Dex is an OpenID Connect identity service. Affected versions prior to 2.35.0 with public clients can have the OAuth authorization code exposed during the OIDC flow when a victim visits a malicious site. An attacker can then exchange the stolen authorization code for a token to gain access to appl...
CVE-2020-26290
Dex (Dexidp) is affected by CVE-2020-26290: before v2.27.0, vulnerabilities in XML encoding within the Go library could enable a signature bypass in the SAML connector. The issue has been addressed in Dex v2.27.0 by adopting the xml-roundtrip-validator from Mattermost. Affected and related adviso...
CVE-2020-27847
CVE-2020-27847 is a signature-validation flaw in the SAML connector of github.com/dexidp/dex that affects Dex versions prior to 2.27.0 and allows SAML authentication to be bypassed. It impacts confidentiality, integrity, and availability. The cited mitigation is to upgrade to Dex v...