CVE-2020-27847
Published: 28 May 2021
Summary
CVE-2020-27847 is a critical-severity Improper Handling of Syntactically Invalid Structure (CWE-228) vulnerability in Linux Foundation Dex. Its CVSS base score is 9.8 (Critical).
Operationally, it is ranked in the top 41.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-2428
Vulnerability details
A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation. This flaw allows an attacker to bypass SAML authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects dex versions before 2.27.0.