漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Dex 2.37.0 is discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers
Vulnerability Description
Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves HTTPS with insecure TLS 1.0 and TLS 1.1. `cmd/dex/serve.go` line 425 seemingly sets TLS 1.2 as minimum version, but the whole `tlsConfig` is ignored after `TLS cert reloader` was introduced in v2.37.0. Configured cipher suites are not respected either. This issue is fixed in Dex 2.38.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
不充分的加密强度
Vulnerability Title
dex 安全漏洞
Vulnerability Description
dex是一种身份服务,它使用 OpenID Connect 来驱动其他应用程序的身份验证。 dex 2.38.0之前版本存在安全漏洞,该漏洞源于使用不安全的 TLS 1.0 和 TLS 1.1 提供 HTTPS,攻击者利用该漏洞可以解密 TLS 1.0 和 TLS 1.1 连接,从而解密 Dex 的流量。
CVSS Information
N/A
Vulnerability Type
N/A