CVE-2024-23656
PUBLISHED
CVSS 7.5 HIGH
Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers
EPSS 0.24% · 47.1th percentile
Risk Scores
- CVSS v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
- EPSS Score: 0.24% (47.1th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | dexidp/dex | 2.37.0, 2.37.0, 0 |
| dexidp | dex | = 2.37.0 |
| linuxfoundation | dex | 2.37.0 |
Timeline
- Jan 20, 1970 Fix PR Merged
- Jan 21, 1970 Security Advisory
- Jan 25, 2024 CVE Published
- Jan 31, 2024 EPSS Score
- Feb 28, 2024 EPSS Score
- Mar 26, 2024 EPSS Score
- Apr 23, 2024 EPSS Score
- May 20, 2024 EPSS Score
- Jun 17, 2024 EPSS Score
- Jul 14, 2024 EPSS Score
- Aug 11, 2024 EPSS Score
- Sep 7, 2024 EPSS Score
References
- https://github.com/dexidp/dex/security/advisories/GHSA-gr79-9v6v-gc9r url
- https://github.com/dexidp/dex/issues/2848 url
- https://github.com/dexidp/dex/pull/2964 url
- https://github.com/dexidp/dex/commit/5bbdb4420254ba73b9c4df4775fe7bdacf233b17 url
- https://github.com/dexidp/dex/blob/70d7a2c7c1bb2646b1a540e49616cbc39622fb83/cmd/dex/serve.go#L425 url
- https://nvd.nist.gov/vuln/detail/CVE-2024-23656 advisory
- https://github.com/dexidp/dex package