Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-2etk-v7gt-pqhn
Vulnerability ID VCID-2etk-v7gt-pqhn
Aliases GHSA-2r3v-q9x3-7g46
GMS-2020-602
Summary Link injection in SimpleSAMLphp ### Background Several scripts part of SimpleSAMLphp display a web page with links obtained from the request parameters. This allows us to enhance usability, as the users are presented with links they can follow after completing a certain action, like logging out. ### Description The following scripts were not checking the URLs obtained via the HTTP request before displaying them as the target of links that the user may click on: - `www/logout.php` - `modules/core/www/no_cookie.php` The issue allowed attackers to display links targeting a malicious website inside a trusted site running SimpleSAMLphp, due to the lack of security checks involving the `link_href` and `retryURL` HTTP parameters, respectively. The issue was resolved by including a verification of the URLs received in the request against a white list of websites specified in the `trusted.url.domains` configuration option. ### Affected versions All SimpleSAMLphp versions prior to 1.14.4. ### Impact A remote attacker could craft a link pointing to a trusted website running SimpleSAMLphp, including a parameter pointing to a malicious website, and try to fool the victim into visiting that website by clicking on a link in the page presented by SimpleSAMLphp. ### Resolution Upgrade to the latest version. ### Credit This security issue was discovered and reported by John Page (hyp3rlinx).
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
System Score Found at
cvssv3.1 3.7 https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-2r3v-q9x3-7g46
generic_textual LOW https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-2r3v-q9x3-7g46
cvssv3.1 3.7 https://snyk.io/vuln/SNYK-PHP-SIMPLESAMLPHPSIMPLESAMLPHP-70160
generic_textual LOW https://snyk.io/vuln/SNYK-PHP-SIMPLESAMLPHPSIMPLESAMLPHP-70160
Reference id Reference type URL
https://snyk.io/vuln/SNYK-PHP-SIMPLESAMLPHPSIMPLESAMLPHP-70160
GHSA-2r3v-q9x3-7g46 https://github.com/advisories/GHSA-2r3v-q9x3-7g46
GHSA-2r3v-q9x3-7g46 https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-2r3v-q9x3-7g46
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-2r3v-q9x3-7g46
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://snyk.io/vuln/SNYK-PHP-SIMPLESAMLPHPSIMPLESAMLPHP-70160
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-04T16:19:45.047682+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/simplesamlphp/simplesamlphp/GMS-2020-602.yml 38.6.0