Search for packages
| purl | pkg:composer/simplesamlphp/simplesamlphp@1.17.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-6fwf-1xps-t7g5
Aliases: CVE-2020-5301 GHSA-24m3-w8g9-jwpq |
Information Exposure SimpleSAMLphp contain an information disclosure vulnerability. The module controller in `SimpleSAML\Module` that processes requests for pages hosted by modules, has code to identify paths ending with `.php` and process those as PHP code. If no other suitable way of handling the given path exists, it presents the file to the browser. The check to identify paths ending with `.php` does not account for uppercase letters. If someone requests a path ending with e.g. `.PHP` and the server is serving the code from a case-insensitive file system, such as on Windows, the processing of the PHP code does not occur, and the source code is instead presented to the browser. An attacker may use this issue to gain access to the source code in third-party modules that is meant to be private, or even sensitive. However, the attack surface is considered small, as the attack will only work when SimpleSAMLphp serves such content from a file system that is not case-sensitive, such as on Windows. |
Affected by 1 other vulnerability. |
|
VCID-8w1y-praq-2bb2
Aliases: GMS-2019-150 |
Information Exposure Information disclosure in simplesamlphp. |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-96db-3jav-tkay
Aliases: GHSA-vpr3-cw3h-prw8 |
SimpleSAMLphp Reflected Cross-site Scripting vulnerability When sending a SAML message to another entity, SimpleSAMLphp will use the URL of the appropriate endpoint to redirect the user’s browser to it, or craft a form that will be automatically posted to it, depending on the SAML binding used. The URL that’s target of the message is fetched from the stored metadata for the given entity, and that metadata is trusted as correct. However, if that metadata has been altered by a malicious party (either an attacker or a rogue administrator) to substitute the URLs of the endpoints with javascript code, SimpleSAMLphp was blindly using them without any validation, trusting the contents of the metadata. This would lead to a reflected XSS where the javascript code is sent inline to the web browser, and if SimpleSAMLphp is not using a strict Content Security Policy to forbid inline javascript (which is the case of the default user interface), then the code will be executed in the end user’s browser. |
Affected by 4 other vulnerabilities. |
|
VCID-hhq1-kxga-87ea
Aliases: GHSA-j5g2-q29x-cw3h |
SimpleSAMLphp vulnerable to XXE in parsing SAML messages When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-pecs-5zkn-6qfq
Aliases: GHSA-ppm4-r2vc-pg74 |
SimpleSAMLphp Information Disclosure vulnerability The new admin interface includes a way to view information about the host where SimpleSAMLphp is installed, by means of the phpinfo() PHP function. An endpoint that exposes the output of that function is included in the admin module for easier debugging. The aforementioned endpoint had no checks for administrator privileges. This would allow any individual to access the given endpoint without authenticating, gathering information about the affected system. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||