CVE-2020-27847
published 2021-05-28

Severity: critical, CVSS 3.1 base score 9.8 (priority P261)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.72% (74.6th percentile)
A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation. This flaw allows an attacker to bypass SAML authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects dex versions before 2.27.0.

Affected (3 ranges)

Vendor           Product      Version range     Fixed in
dexidp           dex          -                 -
github.com       dexidp_dex   >= 0, < 2.27.0    2.27.0
linuxfoundation  dex          < 2.27.0          2.27.0

Detection & IOCs (extracted from sources)

  • The vulnerability targets SAML Signature Validation in the dexidp/dex SAML connector — monitor for SAML authentication bypass attempts against dex endpoints, particularly crafted XML payloads exploiting encoding/xml namespace prefix instability
  • Attack vector is crafted XML inputs that behave differently across tokenization round-trips — inspect SAML assertions and XML-DSig payloads for namespace prefix manipulation or directive anomalies
  • Known unsafe consumers of Go's encoding/xml are github.com/dexidp/dex and github.com/crewjam/saml — prioritize detection on services using these libraries for SAML or XML-DSig processing
  • Only dex versions before 2.27.0 are vulnerable; upgrade to dex 2.27.0 or later to remediate
  • Red Hat Advanced Cluster Management for Kubernetes 2.1 ships the vulnerable dexidp/dex library in observatorium-container for testing only — it is not reachable in production, but the dependency should be removed in a future update
  • No fix is planned for Go's encoding/xml library itself in RHEL 7, 8, or Red Hat Developer Tools; affected users should apply the Mattermost xml-roundtrip-validator workaround (https://github.com/mattermost/xml-roundtrip-validator)

CVSS provenance

Source          Version  Score  Severity  Vector
nvd             v3.1     9.8    CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd             v2.0     7.5    HIGH      AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat   -        9.8    CRITICAL  -