Authentication Bypass in dex
Critical severity
GitHub Reviewed
Published
Dec 20, 2021
to the GitHub Advisory Database
•
Updated Feb 1, 2023
Description
Published by the National Vulnerability Database
May 28, 2021
Reviewed
Jun 1, 2021
Published to the GitHub Advisory Database
Dec 20, 2021
Last updated
Feb 1, 2023
A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation. This flaw allows an attacker to bypass SAML authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects dex versions before 2.27.0.
References