CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5301 – Information disclosure of source code in SimpleSAMLphp
https://notcve.org/view.php?id=CVE-2020-5301
21 Apr 2020 — SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in `SimpleSAML\Module` that processes requests for pages hosted by modules, has code to identify paths ending with `.php` and process those as PHP code. If no other suitable way of handling the given path exists it presents the file to the browser. The check to identify paths ending with `.php` does not account for uppercase letters. If someone requests a path ending with e.g. `.PHP` and the server is... • https://github.com/simplesamlphp/simplesamlphp/commit/47968d26a2fd3ed52da70dc09210921d612ce44e • CWE-178: Improper Handling of Case Sensitivity CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5226 – Cross-site scripting in SimpleSAMLphp
https://notcve.org/view.php?id=CVE-2020-5226
24 Jan 2020 — Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script allows error reports to be submitted and sent to the system administrator. Starting with SimpleSAMLphp 1.18.0, a new SimpleSAML\Utils\EMail class was introduced to handle sending emails, implemented as a wrapper of an external dependency. This new wrapper allows us to use Twig templates in order to create the email sent with an error report. Since Twig provides automatic escaping of variables, manual escaping of the f... • https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-mj9p-v2r8-wf8w • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5225 – Log injection in SimpleSAMLphp
https://notcve.org/view.php?id=CVE-2020-5225
24 Jan 2020 — Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances, to inject new log lines by manually crafting this report ID. When configured to use the file logging handler, SimpleSAMLphp will output all its logs by appending each log line to a given file. Since the reportID pa... • https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-6gc6-m364-85ww • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2019-3465 – Debian Security Advisory 4560-1
https://notcve.org/view.php?id=CVE-2019-3465
06 Nov 2019 — Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message. Rob Richards XmlSecLibs, todas las versiones anteriores a la v3.0.3, como es usada por ejemplo mediante SimpleSAMLphp, realizó una comprobación incorrecta de las firmas criptográficas en los mensajes XML, permitiendo a un atacant... • https://github.com/robrichards/xmlseclibs/commit/0a53d3c3aa87564910cae4ed01416441d3ae0db5 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0CVE-2018-7711
https://notcve.org/view.php?id=CVE-2018-7711
05 Mar 2018 — HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP functionality that interprets a -1 error code as a true boolean value. HTTPRedirect.php en la biblioteca saml2 en SimpleSAMLphp, en versiones anteriores a la 1.15.4, tiene una comprobación incorrecta de valores de ret... • https://github.com/simplesamlphp/saml2/commit/4f6af7f69f29df8555a18b9bb7b646906b45924d • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7644
https://notcve.org/view.php?id=CVE-2018-7644
05 Mar 2018 — The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically valid, thereby allowing them to impersonate a user from that Identity Provider, aka a key confusion issue. La biblioteca XmlSecLibs, tal y como se utiliza en la biblioteca saml2 en SimpleSAMLphp, en versiones anteriores a la 1.15.3, verifica... • https://simplesamlphp.org/security/201802-01 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-18122 – Debian Security Advisory 4127-1
https://notcve.org/view.php?id=CVE-2017-18122
02 Feb 2018 — A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an attacker to impersonate any user of any IdP given an assertion signed by t... • https://lists.debian.org/debian-lts-announce/2018/02/msg00008.html • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-18121 – Debian Security Advisory 4127-1
https://notcve.org/view.php?id=CVE-2017-18121
02 Feb 2018 — The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim's web browser. El módulo consentAdmin en SimpleSAMLphp, hasta la versión 1.14.15, es vulnerable a un ataque de Cross-Site Scripting (XSS), lo que permite que un atacante manipule enlaces que podrían ejecutar código JavaScript arbitrario en el navegador web de la víctima. Several vulnerabilities have been discov... • https://lists.debian.org/debian-lts-announce/2018/02/msg00008.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2018-6521 – Debian Security Advisory 4127-1
https://notcve.org/view.php?id=CVE-2018-6521
02 Feb 2018 — The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions. El módulo sqlauth en SimpleSAMLphp en versiones anteriores a la 1.15.2 confía en el charset utf8 MySQL, que trunca las consultas cuando encuentra caracteres de cuatro bytes. Puede haber un escenario en el que esto permita que los atacantes remotos omitan las r... • https://lists.debian.org/debian-lts-announce/2018/02/msg00008.html •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6520
https://notcve.org/view.php?id=CVE-2018-6520
02 Feb 2018 — SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL. SimpleSAMLphp en versiones anteriores a la 1.15.2 permite que los atacantes omitan un mecanismo de protección contra redirecciones abiertas mediante datos de autoridad manipulados en una URL. • https://simplesamlphp.org/security/201801-02 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •