CVE-2020-27847
Published 2021-05-28
Priority P261, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.72% (74.6th percentile)
A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation. This flaw allows an attacker to bypass SAML authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects dex versions before 2.27.0.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dexidp | dex | — | — |
| github.com | dexidp_dex | >= 0 < 2.27.0 | 2.27.0 |
| linuxfoundation | dex | < 2.27.0 | 2.27.0 |
Detection & IOCs (extracted from sources)
- The vulnerability targets SAML Signature Validation in the dexidp/dex SAML connector. Monitor for SAML authentication bypass attempts against dex endpoints, particularly crafted XML payloads exploiting encoding/xml namespace prefix instability.
- The attack vector is crafted XML input that behaves differently across tokenization round-trips. Inspect SAML assertions and XML-DSig payloads for namespace prefix manipulation or directive anomalies.
- Known unsafe consumers of Go's encoding/xml are github.com/dexidp/dex and github.com/crewjam/saml. Prioritize detection on services using these libraries for SAML or XML-DSig processing.
- Only dex versions before 2.27.0 are vulnerable; upgrade to dex 2.27.0 or later to remediate.
- Red Hat Advanced Cluster Management for Kubernetes 2.1 ships the vulnerable dexidp/dex library in observatorium-container for testing only; it is not reachable in production, but the dependency should be removed in a future update.
- No fix is planned for Go's encoding/xml library itself in RHEL 7, 8, or Red Hat Developer Tools; affected users should apply the Mattermost xml-roundtrip-validator workaround (https://github.com/mattermost/xml-roundtrip-validator).
CVSS provenance
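| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_redhat | | 9.8 | CRITICAL | |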
GHSA
Authentication Bypass in dex
ghsa·2021-12-20
CVE-2020-27847 [CRITICAL] CWE-228 Authentication Bypass in dex
OSV
Authentication Bypass in dex
osv·2021-12-20
CVE-2020-27847 [CRITICAL] Authentication Bypass in dex
Red Hat
dexidp/dex: authentication bypass in saml authentication
vendor_redhat·2020-12-15·CVSS 9.8
CVE-2020-27847 [CRITICAL] CWE-228 dexidp/dex: authentication bypass in saml authentication
Statement: Red Hat Advanced Cluster Management for Kubernetes 2.1 packages the dexidp/dex library in obser
Red Hat
go: encoding/xml: XML directives instability
vendor_redhat·2020-12-14·CVSS 9.8
CVE-2020-29510 [CRITICAL] CWE-115 go: encoding/xml: XML directives instability
The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
A flaw was found in go. Encoding and decoding of XML directives could lead to changes in the observed integrity. An attacker could use this flaw to trick applications which rely on directive integrity for security decisions to make those decisions incorrectly. Known vulnerability use-cases are SAML and XML-DSig.
Statement: All uses of xml/encoding package in OpenShift Container Platform, OpenShift Jaeger, OpenShift Service Mesh (OSSM), OpenShift Virtuali
Red Hat
go: encoding/xml: XML attribute instability
vendor_redhat·2020-12-14·CVSS 9.8
CVE-2020-29509 [CRITICAL] CWE-115 go: encoding/xml: XML attribute instability
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
A flaw was found in go. Encoding and decoding of XML attributes could lead to changes in the observed integrity. An attacker could use this flaw to trick applications which rely on attribute integrity for security decisions to make those decisions incorrectly. Known vulnerability use-cases are SAML and XML-DSig.
Statement: All uses of xml/encoding package in OpenShift Container Platform, OpenShift Jaeger, OpenShift Service Mesh (OSSM), OpenShift Vi
Red Hat
go: encoding/xml: XML element instability
vendor_redhat·2020-12-14·CVSS 9.8
CVE-2020-29511 [CRITICAL] CWE-115 go: encoding/xml: XML element instability
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
A flaw was found in go. Encoding and decoding of XML elements could lead to changes in the observed integrity. An attacker could use this flaw to trick applications which rely on element integrity for security decisions to make those decisions incorrectly. Known vulnerability use-cases are SAML and XML-DSig.
Statement: All uses of xml/encoding package in OpenShift Container Platform, OpenShift Jaeger, OpenShift Service Mesh (OSSM), OpenShift Virtualiza
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- https://bugzilla.redhat.com/show_bug.cgi?id=1907732
- https://github.com/dexidp/dex/security/advisories/GHSA-m9hp-7r99-94h5
- https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
Published: 2021-05-28