Published: 06/10/2022 Updated: 11/07/2023

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 0

Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex instances with public clients (and by extension, clients accepting tokens issued by those Dex instances) are affected by this vulnerability if they are running a version before 2.35.0. An attacker can exploit this vulnerability by making a victim navigate to a malicious website and guiding them through the OIDC flow, stealing the OAuth authorization code in the process. The authorization code then can be exchanged by the attacker for a token, gaining access to applications accepting that token. Version 2.35.0 has introduced a fix for this issue. Users are advised to upgrade. There are no known workarounds for this issue.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linuxfoundation dex

Synopsis Moderate: RHACS 43 enhancement and security update Type/Severity Security Advisory: Moderate Topic Updated images are now available for Red Hat Advanced Cluster Security The updated image includes bug and security fixesRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Sc ...

CWE-862 https://github.com/dexidp/dex/security/advisories/GHSA-vh7g-p26c-j2cw https://github.com/dexidp/dex/commit/49471b14c8080ddb034d4855841123d378b7a634 https://access.redhat.com/errata/RHSA-2023:7725 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-39222

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect