Количество 3
Количество 3
CVE-2024-23656
Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves HTTPS with insecure TLS 1.0 and TLS 1.1. `cmd/dex/serve.go` line 425 seemingly sets TLS 1.2 as minimum version, but the whole `tlsConfig` is ignored after `TLS cert reloader` was introduced in v2.37.0. Configured cipher suites are not respected either. This issue is fixed in Dex 2.38.0.
CVE-2024-23656
Dex is an identity service that uses OpenID Connect to drive authentic ...
GHSA-gr79-9v6v-gc9r
Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-23656 Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves HTTPS with insecure TLS 1.0 and TLS 1.1. `cmd/dex/serve.go` line 425 seemingly sets TLS 1.2 as minimum version, but the whole `tlsConfig` is ignored after `TLS cert reloader` was introduced in v2.37.0. Configured cipher suites are not respected either. This issue is fixed in Dex 2.38.0. | CVSS3: 7.5 | 0% Низкий | около 2 лет назад |
| CVE-2024-23656 Dex is an identity service that uses OpenID Connect to drive authentic ... | CVSS3: 7.5 | 0% Низкий | около 2 лет назад |
| GHSA-gr79-9v6v-gc9r Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers | CVSS3: 7.5 | 0% Низкий | около 2 лет назад |
Уязвимостей на страницу