Authentication Bypass in dex

GHSA-2x32-jm95-2cpx · CVE-2020-27847

Published Dec 20, 2021 · Modified Mar 13, 2026

Description

A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation. This flaw allows an attacker to bypass SAML authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects dex versions before 2.27.0.

References

WEB https://github.com/dexidp/dex/security/advisories/GHSA-m9hp-7r99-94h5
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2020-27847
WEB https://bugzilla.redhat.com/show_bug.cgi?id=1907732
WEB https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes