Browse all 3 CVE security advisories affecting dexidp. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Dexidp serves as an identity provider that enables authentication for applications using open standards like OAuth 2.0 and OpenID Connect. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and insecure default configurations. The project maintains a relatively small CVE count but has faced security concerns related to misconfigurations and insufficient protection against authentication bypass attacks. While no major public incidents have been widely documented, the presence of multiple RCE vulnerabilities in its history highlights the importance of proper implementation and ongoing security maintenance for deployments handling sensitive authentication data.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-23656 | Dex 2.37.0 is discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers | dex | CWE-326 | 7.5 | High | 2024-01-25 |
| CVE-2022-39222 | OAuth authorization code exposure in Dex | dex | CWE-200 | 9.3 | Critical | 2022-10-06 |
| CVE-2020-26290 | Critical security issues in XML encoding in Dex | dex | CWE-347 | 9.3 | Critical | 2020-12-28 |
This page lists every published CVE security advisory associated with dexidp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.