Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    70 vulnerabilities by SimpleSAMLphp

    CVE-2026-46491 (GCVE-0-2026-46491)

    Vulnerability from nvd – Published: 2026-06-09 23:00 – Updated: 2026-06-10 18:11
    VLAI
    Title
    SimpleSAMLphp casserver FileSystemTicketStore path traversal allows out-of-ticket-directory read/unserialize and conditional deletion
    Summary
    SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. Prior to version 7.0.3, simplesamlphp-module-casserver builds file paths for the file-based CAS ticket store by directly concatenating the configured ticket directory with an attacker-controlled ticket identifier. Public CAS validation/proxy endpoints pass attacker-controlled ticket / pgt query parameters into this store. In deployments using FileSystemTicketStore, a remote attacker can use path traversal sequences such as ../target.serialized to make the CAS server read and unserialize files outside the ticket directory. In the CAS 1.0 validation flow, the same attacker-selected path is also passed to deleteTicket() immediately after getTicket() returns, which can delete the target file when it is readable by the PHP process, deletable under the PHP process filesystem permissions, and unserializes to a value compatible with the ?array return type. This issue has been patched in version 7.0.3.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-46491",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T18:11:18.465035Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T18:11:30.420Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "simplesamlphp-module-casserver",
              "vendor": "simplesamlphp",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.0.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. Prior to version 7.0.3, simplesamlphp-module-casserver builds file paths for the file-based CAS ticket store by directly concatenating the configured ticket directory with an attacker-controlled ticket identifier. Public CAS validation/proxy endpoints pass attacker-controlled ticket / pgt query parameters into this store. In deployments using FileSystemTicketStore, a remote attacker can use path traversal sequences such as ../target.serialized to make the CAS server read and unserialize files outside the ticket directory. In the CAS 1.0 validation flow, the same attacker-selected path is also passed to deleteTicket() immediately after getTicket() returns, which can delete the target file when it is readable by the PHP process, deletable under the PHP process filesystem permissions, and unserializes to a value compatible with the ?array return type. This issue has been patched in version 7.0.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T23:00:11.313Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/simplesamlphp/simplesamlphp-module-casserver/security/advisories/GHSA-jrrg-99xh-5j2q",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/simplesamlphp/simplesamlphp-module-casserver/security/advisories/GHSA-jrrg-99xh-5j2q"
            },
            {
              "name": "https://github.com/simplesamlphp/simplesamlphp-module-casserver/commit/b84f3e4ed57c4d97e0dc73df102e7eff831a681f",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/simplesamlphp/simplesamlphp-module-casserver/commit/b84f3e4ed57c4d97e0dc73df102e7eff831a681f"
            },
            {
              "name": "https://github.com/simplesamlphp/simplesamlphp-module-casserver/releases/tag/v7.0.3",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/simplesamlphp/simplesamlphp-module-casserver/releases/tag/v7.0.3"
            }
          ],
          "source": {
            "advisory": "GHSA-jrrg-99xh-5j2q",
            "discovery": "UNKNOWN"
          },
          "title": "SimpleSAMLphp casserver FileSystemTicketStore path traversal allows out-of-ticket-directory read/unserialize and conditional deletion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-46491",
        "datePublished": "2026-06-09T23:00:11.313Z",
        "dateReserved": "2026-05-14T18:06:06.811Z",
        "dateUpdated": "2026-06-10T18:11:30.420Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-65954 (GCVE-0-2025-65954)

    Vulnerability from nvd – Published: 2026-05-18 19:57 – Updated: 2026-05-18 20:28
    VLAI
    Title
    SimpleSAMLphp-casserver has an Open Redirect vulnerability via logout
    Summary
    SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either (depending on configuration) redirects the browser there, or shows a "you've been logged out" page with a link to continue to that url. Impacted configs include 'enable_logout' => true, and 'skip_logout_page' -> true. This issue has been resolved in versions 6.3.1 and 7.0.0.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    Impacted products
    Vendor Product Version
    simplesamlphp simplesamlphp-module-casserver Affected: < 6.3.1
    Affected: >= 7.0.0-rc1, < 7.0.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-65954",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-18T20:27:41.760236Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-18T20:28:06.383Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/simplesamlphp/simplesamlphp-module-casserver/security/advisories/GHSA-cvrm-5hp6-h523"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "simplesamlphp-module-casserver",
              "vendor": "simplesamlphp",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 6.3.1"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 7.0.0-rc1,  \u003c 7.0.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either (depending on configuration) redirects the browser there, or shows a \"you\u0027ve been logged out\" page with a link to continue to that url. Impacted configs include \u0027enable_logout\u0027 =\u003e true, and \u0027skip_logout_page\u0027 -\u003e true. This issue has been resolved in versions 6.3.1 and 7.0.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-18T19:57:07.228Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/simplesamlphp/simplesamlphp-module-casserver/security/advisories/GHSA-cvrm-5hp6-h523",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/simplesamlphp/simplesamlphp-module-casserver/security/advisories/GHSA-cvrm-5hp6-h523"
            },
            {
              "name": "https://github.com/simplesamlphp/simplesamlphp-module-casserver/commit/0462f50f00b3bb300d83067d11b74146a57bb8e0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/simplesamlphp/simplesamlphp-module-casserver/commit/0462f50f00b3bb300d83067d11b74146a57bb8e0"
            },
            {
              "name": "https://github.com/simplesamlphp/simplesamlphp-module-casserver/commit/fb6c6f1c7b9e757c93c5c306e1d36405e64f6dc5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/simplesamlphp/simplesamlphp-module-casserver/commit/fb6c6f1c7b9e757c93c5c306e1d36405e64f6dc5"
            }
          ],
          "source": {
            "advisory": "GHSA-cvrm-5hp6-h523",
            "discovery": "UNKNOWN"
          },
          "title": "SimpleSAMLphp-casserver  has an Open Redirect vulnerability via logout"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-65954",
        "datePublished": "2026-05-18T19:57:07.228Z",
        "dateReserved": "2025-11-18T16:14:56.693Z",
        "dateUpdated": "2026-05-18T20:28:06.383Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32600 (GCVE-0-2026-32600)

    Vulnerability from nvd – Published: 2026-03-13 19:58 – Updated: 2026-03-16 14:03
    VLAI
    Title
    xml-security is Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption
    Summary
    xml-security is a library that implements XML signatures and encryption. Prior to versions 2.3.1 and 1.13.9, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover the GHASH key, and decrypt the encrypted nodes. It also allows to forge arbitrary ciphertexts without knowing the encryption key. This vulnerability is fixed in 2.3.1 and 1.13.9.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-354 - Improper Validation of Integrity Check Value
    Assigner
    Impacted products
    Vendor Product Version
    simplesamlphp xml-security Affected: >= 2.0.0, < 2.3.1
    Affected: < 1.13.9
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32600",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-16T14:01:30.383537Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-16T14:03:17.811Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "xml-security",
              "vendor": "simplesamlphp",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 2.0.0, \u003c 2.3.1"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.13.9"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "xml-security is a library that implements XML signatures and encryption. Prior to versions 2.3.1 and 1.13.9, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover the GHASH key, and decrypt the encrypted nodes. It also allows to forge arbitrary ciphertexts without knowing the encryption key. This vulnerability is fixed in 2.3.1 and 1.13.9."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-354",
                  "description": "CWE-354: Improper Validation of Integrity Check Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-16T12:28:57.720Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-r353-4845-pr5p",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-r353-4845-pr5p"
            },
            {
              "name": "https://github.com/simplesamlphp/xml-security/commit/cad6d57cf0a5a0b7e0cc4e4a5b18752e56eb1520",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/simplesamlphp/xml-security/commit/cad6d57cf0a5a0b7e0cc4e4a5b18752e56eb1520"
            },
            {
              "name": "https://github.com/simplesamlphp/xml-security/commit/fdc12449e959c610943f9fd428e95e3832d74c25",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/simplesamlphp/xml-security/commit/fdc12449e959c610943f9fd428e95e3832d74c25"
            }
          ],
          "source": {
            "advisory": "GHSA-r353-4845-pr5p",
            "discovery": "UNKNOWN"
          },
          "title": "xml-security is Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-32600",
        "datePublished": "2026-03-13T19:58:41.692Z",
        "dateReserved": "2026-03-12T14:54:24.269Z",
        "dateUpdated": "2026-03-16T14:03:17.811Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-27773 (GCVE-0-2025-27773)

    Vulnerability from nvd – Published: 2025-03-11 19:04 – Updated: 2025-05-09 20:03
    VLAI
    Title
    SimpleSAMLphp SAML2 library has incorrect signature verification for HTTP-Redirect binding
    Summary
    The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to accept an unsigned message. Versions 4.17.0 and 5.0.0-alpha.20 contain a fix for the issue.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Impacted products
    Vendor Product Version
    simplesamlphp saml2 Affected: < 4.17.0
    Affected: >= 5.0.0-alpha.1, < 5.0.0-alpha.20
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27773",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-11T19:26:31.017558Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-11T19:27:00.852Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-05-09T20:03:38.107Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00013.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "saml2",
              "vendor": "simplesamlphp",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 4.17.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 5.0.0-alpha.1, \u003c 5.0.0-alpha.20"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to accept an unsigned message. Versions 4.17.0 and 5.0.0-alpha.20 contain a fix for the issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347: Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-11T19:04:52.135Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/simplesamlphp/saml2/security/advisories/GHSA-46r4-f8gj-xg56",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/simplesamlphp/saml2/security/advisories/GHSA-46r4-f8gj-xg56"
            },
            {
              "name": "https://github.com/simplesamlphp/saml2/commit/7867d6099dc7f31bed1ea10e5bea159c5623d2a0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/simplesamlphp/saml2/commit/7867d6099dc7f31bed1ea10e5bea159c5623d2a0"
            },
            {
              "name": "https://github.com/simplesamlphp/saml2/blob/9545abd0d9d48388f2fa00469c5c1e0294f0303e/src/SAML2/HTTPRedirect.php#L104-L113",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/simplesamlphp/saml2/blob/9545abd0d9d48388f2fa00469c5c1e0294f0303e/src/SAML2/HTTPRedirect.php#L104-L113"
            },
            {
              "name": "https://github.com/simplesamlphp/saml2/blob/9545abd0d9d48388f2fa00469c5c1e0294f0303e/src/SAML2/HTTPRedirect.php#L178-L217",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/simplesamlphp/saml2/blob/9545abd0d9d48388f2fa00469c5c1e0294f0303e/src/SAML2/HTTPRedirect.php#L178-L217"
            }
          ],
          "source": {
            "advisory": "GHSA-46r4-f8gj-xg56",
            "discovery": "UNKNOWN"
          },
          "title": "SimpleSAMLphp SAML2 library has incorrect signature verification for HTTP-Redirect binding"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-27773",
        "datePublished": "2025-03-11T19:04:52.135Z",
        "dateReserved": "2025-03-06T18:06:54.460Z",
        "dateUpdated": "2025-05-09T20:03:38.107Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-52806 (GCVE-0-2024-52806)

    Vulnerability from nvd – Published: 2024-12-02 16:18 – Updated: 2024-12-02 19:12
    VLAI
    Title
    SimpleSAMLphp SAML2 has an XXE in parsing SAML messages
    Summary
    SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-611 - Improper Restriction of XML External Entity Reference
    Assigner
    References
    Impacted products
    Vendor Product Version
    simplesamlphp saml2 Affected: < 4.6.14
    Affected: >= 5.0.0-alpha.1, < 5.0.0-alpha.18
    Create a notification for this product.
    simplesamlphp saml2 Affected: 0 , < 4.6.14 (custom)
    Affected: 0 , ≤ 5.0.0-alpha.1 (custom)
    Affected: 0 , < 5.0.0-alpha.18 (custom)
        cpe:2.3:a:simplesamlphp:saml2:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:simplesamlphp:saml2:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "saml2",
                "vendor": "simplesamlphp",
                "versions": [
                  {
                    "lessThan": "4.6.14",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "5.0.0-alpha.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "5.0.0-alpha.18",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52806",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-02T19:10:45.941998Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-02T19:12:33.197Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "saml2",
              "vendor": "simplesamlphp",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 4.6.14"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 5.0.0-alpha.1, \u003c 5.0.0-alpha.18"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it\u0027s possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611: Improper Restriction of XML External Entity Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-02T16:18:43.485Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/simplesamlphp/saml2/security/advisories/GHSA-pxm4-r5ph-q2m2",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/simplesamlphp/saml2/security/advisories/GHSA-pxm4-r5ph-q2m2"
            },
            {
              "name": "https://github.com/simplesamlphp/saml2/commit/5fd4ce4596656fb0c1278f15b8305825412e89f7",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/simplesamlphp/saml2/commit/5fd4ce4596656fb0c1278f15b8305825412e89f7"
            }
          ],
          "source": {
            "advisory": "GHSA-pxm4-r5ph-q2m2",
            "discovery": "UNKNOWN"
          },
          "title": "SimpleSAMLphp SAML2 has an XXE in parsing SAML messages"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-52806",
        "datePublished": "2024-12-02T16:18:43.485Z",
        "dateReserved": "2024-11-15T17:11:13.442Z",
        "dateUpdated": "2024-12-02T19:12:33.197Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-52596 (GCVE-0-2024-52596)

    Vulnerability from nvd – Published: 2024-12-02 16:24 – Updated: 2024-12-02 18:36
    VLAI
    Title
    SimpleSAMLphp xml-common XXE vulnerability
    Summary
    SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-611 - Improper Restriction of XML External Entity Reference
    Assigner
    Impacted products
    Vendor Product Version
    simplesamlphp xml-common Affected: < 1.20.0
    Create a notification for this product.
    simplesamlphp xml-common Affected: 0 , < 1.20.0 (custom)
        cpe:2.3:a:simplesamlphp:xml-common:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-12-02T17:02:40.705Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00001.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:simplesamlphp:xml-common:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xml-common",
                "vendor": "simplesamlphp",
                "versions": [
                  {
                    "lessThan": "1.20.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52596",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-02T18:32:34.951320Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-02T18:36:23.399Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "xml-common",
              "vendor": "simplesamlphp",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.20.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an (untrusted) XML document, for example the SAMLResponse, it\u0027s possible to induce an XXE. This vulnerability is fixed in 1.19.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:L/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611: Improper Restriction of XML External Entity Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-02T16:24:49.591Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/simplesamlphp/xml-common/security/advisories/GHSA-2x65-fpch-2fcm",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/simplesamlphp/xml-common/security/advisories/GHSA-2x65-fpch-2fcm"
            },
            {
              "name": "https://github.com/simplesamlphp/xml-common/commit/fa4ade391c3194466acf5fbfd5d2ecdbf5e831f5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/simplesamlphp/xml-common/commit/fa4ade391c3194466acf5fbfd5d2ecdbf5e831f5"
            }
          ],
          "source": {
            "advisory": "GHSA-2x65-fpch-2fcm",
            "discovery": "UNKNOWN"
          },
          "title": "SimpleSAMLphp xml-common XXE vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-52596",
        "datePublished": "2024-12-02T16:24:49.591Z",
        "dateReserved": "2024-11-14T15:05:46.769Z",
        "dateUpdated": "2024-12-02T18:36:23.399Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-49087 (GCVE-0-2023-49087)

    Vulnerability from nvd – Published: 2023-11-30 05:20 – Updated: 2024-08-02 21:46
    VLAI
    Title
    Validation of SignedInfo
    Summary
    xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML-document matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree (the one that contains the DigestValue) verifies and matches a trusted public key. If an attacker somehow (i.e. by exploiting a bug in PHP's canonicalization function) manages to manipulate the canonicalized version's DigestValue, it would be possible to forge the signature. This issue has been patched in version 1.6.12 and 5.0.0-alpha.13.
    CWE
    • CWE-345 - Insufficient Verification of Data Authenticity
    Assigner
    References
    Impacted products
    Vendor Product Version
    simplesamlphp xml-security Affected: = 1.6.11
    Affected: = 5.0.0-alpha.12
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:46:29.195Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-ww7x-3gxh-qm6r",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-ww7x-3gxh-qm6r"
              },
              {
                "name": "https://github.com/simplesamlphp/xml-security/commit/f509e3083dd7870cce5880c804b5122317287581",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/simplesamlphp/xml-security/commit/f509e3083dd7870cce5880c804b5122317287581"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "xml-security",
              "vendor": "simplesamlphp",
              "versions": [
                {
                  "status": "affected",
                  "version": "= 1.6.11"
                },
                {
                  "status": "affected",
                  "version": "= 5.0.0-alpha.12"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML-document matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree (the one that contains the DigestValue) verifies and matches a trusted public key. If an attacker somehow (i.e. by exploiting a bug in PHP\u0027s canonicalization function) manages to manipulate the canonicalized version\u0027s DigestValue, it would be possible to forge the signature. This issue has been patched in version 1.6.12 and 5.0.0-alpha.13."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-345",
                  "description": "CWE-345: Insufficient Verification of Data Authenticity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-30T05:20:28.298Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-ww7x-3gxh-qm6r",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-ww7x-3gxh-qm6r"
            },
            {
              "name": "https://github.com/simplesamlphp/xml-security/commit/f509e3083dd7870cce5880c804b5122317287581",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/simplesamlphp/xml-security/commit/f509e3083dd7870cce5880c804b5122317287581"
            }
          ],
          "source": {
            "advisory": "GHSA-ww7x-3gxh-qm6r",
            "discovery": "UNKNOWN"
          },
          "title": "Validation of SignedInfo"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2023-49087",
        "datePublished": "2023-11-30T05:20:28.298Z",
        "dateReserved": "2023-11-21T18:57:30.429Z",
        "dateUpdated": "2024-08-02T21:46:29.195Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-10008 (GCVE-0-2010-10008)

    Vulnerability from nvd – Published: 2023-01-17 07:35 – Updated: 2024-11-25 16:35 Unsupported When Assigned
    VLAI
    Title
    simplesamlphp simplesamlphp-module-openidprovider trust.tpl.php cross site scripting
    Summary
    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in simplesamlphp simplesamlphp-module-openidprovider up to 0.8.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file templates/trust.tpl.php. The manipulation of the argument StateID leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.9.0 is able to address this issue. The identifier of the patch is 8365d48c863cf06ccf1465cc0a161cefae29d69d. It is recommended to upgrade the affected component. The identifier VDB-218473 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross Site Scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    simplesamlphp simplesamlphp-module-openidprovider Affected: 0.1
    Affected: 0.2
    Affected: 0.3
    Affected: 0.4
    Affected: 0.5
    Affected: 0.6
    Affected: 0.7
    Affected: 0.8
    Create a notification for this product.
    Credits
    VulDB GitHub Commit Analyzer
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:17:10.297Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.218473"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.218473"
              },
              {
                "tags": [
                  "patch",
                  "x_transferred"
                ],
                "url": "https://github.com/simplesamlphp/simplesamlphp-module-openidprovider/commit/8365d48c863cf06ccf1465cc0a161cefae29d69d"
              },
              {
                "tags": [
                  "patch",
                  "x_transferred"
                ],
                "url": "https://github.com/simplesamlphp/simplesamlphp-module-openidprovider/releases/tag/v0.9.0"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2010-10008",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-29T17:02:13.966285Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-25T16:35:21.618Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "simplesamlphp-module-openidprovider",
              "vendor": "simplesamlphp",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.1"
                },
                {
                  "status": "affected",
                  "version": "0.2"
                },
                {
                  "status": "affected",
                  "version": "0.3"
                },
                {
                  "status": "affected",
                  "version": "0.4"
                },
                {
                  "status": "affected",
                  "version": "0.5"
                },
                {
                  "status": "affected",
                  "version": "0.6"
                },
                {
                  "status": "affected",
                  "version": "0.7"
                },
                {
                  "status": "affected",
                  "version": "0.8"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "tool",
              "value": "VulDB GitHub Commit Analyzer"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in simplesamlphp simplesamlphp-module-openidprovider up to 0.8.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file templates/trust.tpl.php. The manipulation of the argument StateID leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.9.0 is able to address this issue. The identifier of the patch is 8365d48c863cf06ccf1465cc0a161cefae29d69d. It is recommended to upgrade the affected component. The identifier VDB-218473 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
            },
            {
              "lang": "de",
              "value": "In simplesamlphp simplesamlphp-module-openidprovider bis 0.8.x wurde eine problematische Schwachstelle ausgemacht. Dabei geht es um eine nicht genauer bekannte Funktion der Datei templates/trust.tpl.php. Mit der Manipulation des Arguments StateID mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 0.9.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 8365d48c863cf06ccf1465cc0a161cefae29d69d bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-12T08:25:41.420Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.218473"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.218473"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/simplesamlphp/simplesamlphp-module-openidprovider/commit/8365d48c863cf06ccf1465cc0a161cefae29d69d"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/simplesamlphp/simplesamlphp-module-openidprovider/releases/tag/v0.9.0"
            }
          ],
          "tags": [
            "unsupported-when-assigned"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-01-17T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-01-17T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-01-17T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-02-09T10:31:57.000Z",
              "value": "VulDB last update"
            }
          ],
          "title": "simplesamlphp simplesamlphp-module-openidprovider trust.tpl.php cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2010-10008",
        "datePublished": "2023-01-17T07:35:29.073Z",
        "dateReserved": "2023-01-17T07:32:14.558Z",
        "dateUpdated": "2024-11-25T16:35:21.618Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-10004 (GCVE-0-2010-10004)

    Vulnerability from nvd – Published: 2023-01-09 07:15 – Updated: 2024-08-07 04:17
    VLAI
    Title
    Information Cards Module cross site scripting
    Summary
    A vulnerability was found in Information Cards Module on simpleSAMLphp and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.0 is able to address this issue. The identifier of the patch is f6bfea49ae16dc6e179df8306d39c3694f1ef186. It is recommended to upgrade the affected component. The identifier VDB-217661 was assigned to this vulnerability.
    CWE
    • CWE-79 - Cross Site Scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Information Cards Module Affected: n/a
    Credits
    VulDB GitHub Commit Analyzer
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:17:10.330Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.217661"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.217661"
              },
              {
                "tags": [
                  "patch",
                  "x_transferred"
                ],
                "url": "https://github.com/simplesamlphp/simplesamlphp-module-infocard/commit/f6bfea49ae16dc6e179df8306d39c3694f1ef186"
              },
              {
                "tags": [
                  "patch",
                  "x_transferred"
                ],
                "url": "https://github.com/simplesamlphp/simplesamlphp-module-infocard/releases/tag/v1.0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Information Cards Module",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "tool",
              "value": "VulDB GitHub Commit Analyzer"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Information Cards Module on simpleSAMLphp and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.0 is able to address this issue. The identifier of the patch is f6bfea49ae16dc6e179df8306d39c3694f1ef186. It is recommended to upgrade the affected component. The identifier VDB-217661 was assigned to this vulnerability."
            },
            {
              "lang": "de",
              "value": "Eine problematische Schwachstelle wurde in Information Cards Module f\u00fcr simpleSAMLphp gefunden. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion. Durch Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 1.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als f6bfea49ae16dc6e179df8306d39c3694f1ef186 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-12T08:22:01.887Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.217661"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.217661"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/simplesamlphp/simplesamlphp-module-infocard/commit/f6bfea49ae16dc6e179df8306d39c3694f1ef186"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/simplesamlphp/simplesamlphp-module-infocard/releases/tag/v1.0"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-01-09T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-01-09T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-01-09T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-01-30T10:20:26.000Z",
              "value": "VulDB last update"
            }
          ],
          "title": "Information Cards Module cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2010-10004",
        "datePublished": "2023-01-09T07:15:26.593Z",
        "dateReserved": "2023-01-09T07:15:11.985Z",
        "dateUpdated": "2024-08-07T04:17:10.330Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-10002 (GCVE-0-2010-10002)

    Vulnerability from nvd – Published: 2023-01-01 16:16 – Updated: 2024-08-07 04:17 Unsupported When Assigned
    VLAI
    Title
    SimpleSAMLphp simplesamlphp-module-openid OpenID consumer.php cross site scripting
    Summary
    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in SimpleSAMLphp simplesamlphp-module-openid. Affected is an unknown function of the file templates/consumer.php of the component OpenID Handler. The manipulation of the argument AuthState leads to cross site scripting. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.0 is able to address this issue. The patch is identified as d652d41ccaf8c45d5707e741c0c5d82a2365a9a3. It is recommended to upgrade the affected component. VDB-217170 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
    CWE
    • CWE-79 - Cross Site Scripting
    Assigner
    References
    Impacted products
    Credits
    VulDB GitHub Commit Analyzer
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:17:10.242Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.217170"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.217170"
              },
              {
                "tags": [
                  "patch",
                  "x_transferred"
                ],
                "url": "https://github.com/simplesamlphp/simplesamlphp-module-openid/commit/d652d41ccaf8c45d5707e741c0c5d82a2365a9a3"
              },
              {
                "tags": [
                  "patch",
                  "x_transferred"
                ],
                "url": "https://github.com/simplesamlphp/simplesamlphp-module-openid/releases/tag/v1.0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "OpenID Handler"
              ],
              "product": "simplesamlphp-module-openid",
              "vendor": "SimpleSAMLphp",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "tool",
              "value": "VulDB GitHub Commit Analyzer"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in SimpleSAMLphp simplesamlphp-module-openid. Affected is an unknown function of the file templates/consumer.php of the component OpenID Handler. The manipulation of the argument AuthState leads to cross site scripting. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.0 is able to address this issue. The patch is identified as d652d41ccaf8c45d5707e741c0c5d82a2365a9a3. It is recommended to upgrade the affected component. VDB-217170 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
            },
            {
              "lang": "de",
              "value": "Es wurde eine problematische Schwachstelle in SimpleSAMLphp simplesamlphp-module-openid entdeckt. Es betrifft eine unbekannte Funktion der Datei templates/consumer.php der Komponente OpenID Handler. Durch Manipulieren des Arguments AuthState mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen. Ein Aktualisieren auf die Version 1.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als d652d41ccaf8c45d5707e741c0c5d82a2365a9a3 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 2.6,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-12T08:19:35.363Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.217170"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.217170"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/simplesamlphp/simplesamlphp-module-openid/commit/d652d41ccaf8c45d5707e741c0c5d82a2365a9a3"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/simplesamlphp/simplesamlphp-module-openid/releases/tag/v1.0"
            }
          ],
          "tags": [
            "unsupported-when-assigned"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-01-01T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-01-01T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-01-01T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-01-26T18:36:06.000Z",
              "value": "VulDB last update"
            }
          ],
          "title": "SimpleSAMLphp simplesamlphp-module-openid OpenID consumer.php cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2010-10002",
        "datePublished": "2023-01-01T16:16:09.396Z",
        "dateReserved": "2023-01-01T16:14:33.539Z",
        "dateUpdated": "2024-08-07T04:17:10.242Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5301 (GCVE-0-2020-5301)

    Vulnerability from nvd – Published: 2020-04-21 19:50 – Updated: 2024-08-04 08:22
    VLAI
    Title
    Information disclosure of source code in SimpleSAMLphp
    Summary
    SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in `SimpleSAML\Module` that processes requests for pages hosted by modules, has code to identify paths ending with `.php` and process those as PHP code. If no other suitable way of handling the given path exists it presents the file to the browser. The check to identify paths ending with `.php` does not account for uppercase letters. If someone requests a path ending with e.g. `.PHP` and the server is serving the code from a case-insensitive file system, such as on Windows, the processing of the PHP code does not occur, and the source code is instead presented to the browser. An attacker may use this issue to gain access to the source code in third-party modules that is meant to be private, or even sensitive. However, the attack surface is considered small, as the attack will only work when SimpleSAMLphp serves such content from a file system that is not case-sensitive, such as on Windows. This issue is fixed in version 1.18.6.
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:22:09.096Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-24m3-w8g9-jwpq"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/simplesamlphp/simplesamlphp/commit/47968d26a2fd3ed52da70dc09210921d612ce44e"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "simplesamlphp",
              "vendor": "simplesamlphp",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.18.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in `SimpleSAML\\Module` that processes requests for pages hosted by modules, has code to identify paths ending with `.php` and process those as PHP code. If no other suitable way of handling the given path exists it presents the file to the browser. The check to identify paths ending with `.php` does not account for uppercase letters. If someone requests a path ending with e.g. `.PHP` and the server is serving the code from a case-insensitive file system, such as on Windows, the processing of the PHP code does not occur, and the source code is instead presented to the browser. An attacker may use this issue to gain access to the source code in third-party modules that is meant to be private, or even sensitive. However, the attack surface is considered small, as the attack will only work when SimpleSAMLphp serves such content from a file system that is not case-sensitive, such as on Windows. This issue is fixed in version 1.18.6."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-21T19:50:13.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-24m3-w8g9-jwpq"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/simplesamlphp/simplesamlphp/commit/47968d26a2fd3ed52da70dc09210921d612ce44e"
            }
          ],
          "source": {
            "advisory": "GHSA-24m3-w8g9-jwpq",
            "discovery": "UNKNOWN"
          },
          "title": "Information disclosure of source code in SimpleSAMLphp",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2020-5301",
              "STATE": "PUBLIC",
              "TITLE": "Information disclosure of source code in SimpleSAMLphp"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "simplesamlphp",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 1.18.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "simplesamlphp"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in `SimpleSAML\\Module` that processes requests for pages hosted by modules, has code to identify paths ending with `.php` and process those as PHP code. If no other suitable way of handling the given path exists it presents the file to the browser. The check to identify paths ending with `.php` does not account for uppercase letters. If someone requests a path ending with e.g. `.PHP` and the server is serving the code from a case-insensitive file system, such as on Windows, the processing of the PHP code does not occur, and the source code is instead presented to the browser. An attacker may use this issue to gain access to the source code in third-party modules that is meant to be private, or even sensitive. However, the attack surface is considered small, as the attack will only work when SimpleSAMLphp serves such content from a file system that is not case-sensitive, such as on Windows. This issue is fixed in version 1.18.6."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-24m3-w8g9-jwpq",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-24m3-w8g9-jwpq"
                },
                {
                  "name": "https://github.com/simplesamlphp/simplesamlphp/commit/47968d26a2fd3ed52da70dc09210921d612ce44e",
                  "refsource": "MISC",
                  "url": "https://github.com/simplesamlphp/simplesamlphp/commit/47968d26a2fd3ed52da70dc09210921d612ce44e"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-24m3-w8g9-jwpq",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2020-5301",
        "datePublished": "2020-04-21T19:50:13.000Z",
        "dateReserved": "2020-01-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:22:09.096Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5226 (GCVE-0-2020-5226)

    Vulnerability from nvd – Published: 2020-01-24 21:15 – Updated: 2024-08-04 08:22
    VLAI
    Title
    Cross-site scripting in SimpleSAMLphp
    Summary
    Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script allows error reports to be submitted and sent to the system administrator. Starting with SimpleSAMLphp 1.18.0, a new SimpleSAML\Utils\EMail class was introduced to handle sending emails, implemented as a wrapper of an external dependency. This new wrapper allows us to use Twig templates in order to create the email sent with an error report. Since Twig provides automatic escaping of variables, manual escaping of the free-text field in www/errorreport.php was removed to avoid double escaping. However, for those not using the new user interface yet, an email template is hardcoded into the class itself in plain PHP. Since no escaping is provided in this template, it is then possible to inject HTML inside the template by manually crafting the contents of the free-text field.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    simplesamlphp SimpleSAMLphp Affected: >= 1.18.0, < 1.18.4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:22:08.731Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-mj9p-v2r8-wf8w"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://simplesamlphp.org/security/202001-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SimpleSAMLphp",
              "vendor": "simplesamlphp",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.18.0, \u003c 1.18.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script allows error reports to be submitted and sent to the system administrator. Starting with SimpleSAMLphp 1.18.0, a new SimpleSAML\\Utils\\EMail class was introduced to handle sending emails, implemented as a wrapper of an external dependency. This new wrapper allows us to use Twig templates in order to create the email sent with an error report. Since Twig provides automatic escaping of variables, manual escaping of the free-text field in www/errorreport.php was removed to avoid double escaping. However, for those not using the new user interface yet, an email template is hardcoded into the class itself in plain PHP. Since no escaping is provided in this template, it is then possible to inject HTML inside the template by manually crafting the contents of the free-text field."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-24T21:15:15.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-mj9p-v2r8-wf8w"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://simplesamlphp.org/security/202001-01"
            }
          ],
          "source": {
            "advisory": "GHSA-mj9p-v2r8-wf8w",
            "discovery": "UNKNOWN"
          },
          "title": "Cross-site scripting in SimpleSAMLphp",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2020-5226",
              "STATE": "PUBLIC",
              "TITLE": "Cross-site scripting in SimpleSAMLphp"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SimpleSAMLphp",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003e= 1.18.0, \u003c 1.18.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "simplesamlphp"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script allows error reports to be submitted and sent to the system administrator. Starting with SimpleSAMLphp 1.18.0, a new SimpleSAML\\Utils\\EMail class was introduced to handle sending emails, implemented as a wrapper of an external dependency. This new wrapper allows us to use Twig templates in order to create the email sent with an error report. Since Twig provides automatic escaping of variables, manual escaping of the free-text field in www/errorreport.php was removed to avoid double escaping. However, for those not using the new user interface yet, an email template is hardcoded into the class itself in plain PHP. Since no escaping is provided in this template, it is then possible to inject HTML inside the template by manually crafting the contents of the free-text field."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-mj9p-v2r8-wf8w",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-mj9p-v2r8-wf8w"
                },
                {
                  "name": "https://simplesamlphp.org/security/202001-01",
                  "refsource": "MISC",
                  "url": "https://simplesamlphp.org/security/202001-01"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-mj9p-v2r8-wf8w",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2020-5226",
        "datePublished": "2020-01-24T21:15:15.000Z",
        "dateReserved": "2020-01-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:22:08.731Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5225 (GCVE-0-2020-5225)

    Vulnerability from nvd – Published: 2020-01-24 20:55 – Updated: 2024-08-04 08:22
    VLAI
    Title
    Log injection in SimpleSAMLphp
    Summary
    Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances, to inject new log lines by manually crafting this report ID. When configured to use the file logging handler, SimpleSAMLphp will output all its logs by appending each log line to a given file. Since the reportID parameter received in a request sent to www/errorreport.php was not properly sanitized, it was possible to inject newline characters into it, effectively allowing a malicious user to inject new log lines with arbitrary content.
    CWE
    • CWE-532 - Inclusion of Sensitive Information in Log Files
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:22:08.946Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-6gc6-m364-85ww"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://simplesamlphp.org/security/202001-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SimpleSAMLphp",
              "vendor": "simplesamlphp",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.18.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances, to inject new log lines by manually crafting this report ID. When configured to use the file logging handler, SimpleSAMLphp will output all its logs by appending each log line to a given file. Since the reportID parameter received in a request sent to www/errorreport.php was not properly sanitized, it was possible to inject newline characters into it, effectively allowing a malicious user to inject new log lines with arbitrary content."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532: Inclusion of Sensitive Information in Log Files",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-24T20:55:14.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-6gc6-m364-85ww"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://simplesamlphp.org/security/202001-02"
            }
          ],
          "source": {
            "advisory": "GHSA-6gc6-m364-85ww",
            "discovery": "UNKNOWN"
          },
          "title": "Log injection in SimpleSAMLphp",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2020-5225",
              "STATE": "PUBLIC",
              "TITLE": "Log injection in SimpleSAMLphp"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SimpleSAMLphp",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 1.18.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "simplesamlphp"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances, to inject new log lines by manually crafting this report ID. When configured to use the file logging handler, SimpleSAMLphp will output all its logs by appending each log line to a given file. Since the reportID parameter received in a request sent to www/errorreport.php was not properly sanitized, it was possible to inject newline characters into it, effectively allowing a malicious user to inject new log lines with arbitrary content."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-532: Inclusion of Sensitive Information in Log Files"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-6gc6-m364-85ww",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-6gc6-m364-85ww"
                },
                {
                  "name": "https://simplesamlphp.org/security/202001-02",
                  "refsource": "MISC",
                  "url": "https://simplesamlphp.org/security/202001-02"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-6gc6-m364-85ww",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2020-5225",
        "datePublished": "2020-01-24T20:55:14.000Z",
        "dateReserved": "2020-01-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:22:08.946Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3465 (GCVE-0-2019-3465)

    Vulnerability from nvd – Published: 2019-11-07 19:12 – Updated: 2024-08-04 19:12
    VLAI
    Summary
    Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message.
    Severity
    No CVSS data available.
    CWE
    • Improper Verification of Cryptographic Signature
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Rob Richards XmlSecLibs Affected: All versions prior to version 3.0.3
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.411Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20191106 [SECURITY] [DLA 1983-1] simplesamlphp security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00003.html"
              },
              {
                "name": "20191106 [SECURITY] [DSA 4560-1] simplesamlphp security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Nov/8"
              },
              {
                "name": "DSA-4560",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2019/dsa-4560"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/robrichards/xmlseclibs/commit/0a53d3c3aa87564910cae4ed01416441d3ae0db5"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://simplesamlphp.org/security/201911-01"
              },
              {
                "name": "FEDORA-2019-9a960c8a98",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AB34ILMJ67CUROBOR6YPKB46VHXLOAJ4/"
              },
              {
                "name": "FEDORA-2019-81f61cdceb",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAWOVYLZKYDCQBLQEJCFAAD3KQTBPHXE/"
              },
              {
                "name": "FEDORA-2019-be01267416",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ESKJTWLE7QZBQ3EKMYXKMBQG3JDEJWM6/"
              },
              {
                "name": "FEDORA-2019-73d0fe1d15",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KID7C4AZPYYIZQIPSLANP4R2RQR6YK3/"
              },
              {
                "name": "FEDORA-2019-dc90bf093b",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XBSSRV5Q7JFCYO46A3EN624UZ4KXFQ2M/"
              },
              {
                "name": "FEDORA-2019-ec8719a21c",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HBE2SJSXG7J4XYLJ2H6HC2VPPOG2OMUN/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2019-09"
              },
              {
                "name": "FEDORA-2020-1b95d7a131",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BNFMY5RRLU63P25HEBVDO5KAVI7TX7JV/"
              },
              {
                "name": "FEDORA-2020-46d0f456a9",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BBKVDUZ7G5ZOUO4BFJWLNJ6VOKBQJX5U/"
              },
              {
                "name": "FEDORA-2020-af82229ae5",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCSR3V6LNWJAD37VQB6M2K7P4RQSCVFG/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rob Richards XmlSecLibs",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to version 3.0.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-25T04:06:13.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20191106 [SECURITY] [DLA 1983-1] simplesamlphp security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00003.html"
            },
            {
              "name": "20191106 [SECURITY] [DSA 4560-1] simplesamlphp security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Nov/8"
            },
            {
              "name": "DSA-4560",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4560"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/robrichards/xmlseclibs/commit/0a53d3c3aa87564910cae4ed01416441d3ae0db5"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://simplesamlphp.org/security/201911-01"
            },
            {
              "name": "FEDORA-2019-9a960c8a98",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AB34ILMJ67CUROBOR6YPKB46VHXLOAJ4/"
            },
            {
              "name": "FEDORA-2019-81f61cdceb",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAWOVYLZKYDCQBLQEJCFAAD3KQTBPHXE/"
            },
            {
              "name": "FEDORA-2019-be01267416",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ESKJTWLE7QZBQ3EKMYXKMBQG3JDEJWM6/"
            },
            {
              "name": "FEDORA-2019-73d0fe1d15",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KID7C4AZPYYIZQIPSLANP4R2RQR6YK3/"
            },
            {
              "name": "FEDORA-2019-dc90bf093b",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XBSSRV5Q7JFCYO46A3EN624UZ4KXFQ2M/"
            },
            {
              "name": "FEDORA-2019-ec8719a21c",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HBE2SJSXG7J4XYLJ2H6HC2VPPOG2OMUN/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2019-09"
            },
            {
              "name": "FEDORA-2020-1b95d7a131",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BNFMY5RRLU63P25HEBVDO5KAVI7TX7JV/"
            },
            {
              "name": "FEDORA-2020-46d0f456a9",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BBKVDUZ7G5ZOUO4BFJWLNJ6VOKBQJX5U/"
            },
            {
              "name": "FEDORA-2020-af82229ae5",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCSR3V6LNWJAD37VQB6M2K7P4RQSCVFG/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2019-3465",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Rob Richards XmlSecLibs",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to version 3.0.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Verification of Cryptographic Signature"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20191106 [SECURITY] [DLA 1983-1] simplesamlphp security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00003.html"
                },
                {
                  "name": "20191106 [SECURITY] [DSA 4560-1] simplesamlphp security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Nov/8"
                },
                {
                  "name": "DSA-4560",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2019/dsa-4560"
                },
                {
                  "name": "https://github.com/robrichards/xmlseclibs/commit/0a53d3c3aa87564910cae4ed01416441d3ae0db5",
                  "refsource": "MISC",
                  "url": "https://github.com/robrichards/xmlseclibs/commit/0a53d3c3aa87564910cae4ed01416441d3ae0db5"
                },
                {
                  "name": "https://simplesamlphp.org/security/201911-01",
                  "refsource": "MISC",
                  "url": "https://simplesamlphp.org/security/201911-01"
                },
                {
                  "name": "FEDORA-2019-9a960c8a98",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AB34ILMJ67CUROBOR6YPKB46VHXLOAJ4/"
                },
                {
                  "name": "FEDORA-2019-81f61cdceb",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MAWOVYLZKYDCQBLQEJCFAAD3KQTBPHXE/"
                },
                {
                  "name": "FEDORA-2019-be01267416",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ESKJTWLE7QZBQ3EKMYXKMBQG3JDEJWM6/"
                },
                {
                  "name": "FEDORA-2019-73d0fe1d15",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KID7C4AZPYYIZQIPSLANP4R2RQR6YK3/"
                },
                {
                  "name": "FEDORA-2019-dc90bf093b",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBSSRV5Q7JFCYO46A3EN624UZ4KXFQ2M/"
                },
                {
                  "name": "FEDORA-2019-ec8719a21c",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HBE2SJSXG7J4XYLJ2H6HC2VPPOG2OMUN/"
                },
                {
                  "name": "https://www.tenable.com/security/tns-2019-09",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2019-09"
                },
                {
                  "name": "FEDORA-2020-1b95d7a131",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BNFMY5RRLU63P25HEBVDO5KAVI7TX7JV/"
                },
                {
                  "name": "FEDORA-2020-46d0f456a9",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BBKVDUZ7G5ZOUO4BFJWLNJ6VOKBQJX5U/"
                },
                {
                  "name": "FEDORA-2020-af82229ae5",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCSR3V6LNWJAD37VQB6M2K7P4RQSCVFG/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2019-3465",
        "datePublished": "2019-11-07T19:12:33.000Z",
        "dateReserved": "2018-12-31T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:12:09.411Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-4625 (GCVE-0-2011-4625)

    Vulnerability from nvd – Published: 2019-11-06 14:53 – Updated: 2024-08-07 00:09
    VLAI
    Summary
    simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages.
    Severity
    No CVSS data available.
    CWE
    • Cryptography
    Assigner
    References
    Impacted products
    Date Public
    2012-02-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:09:19.359Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2011-4625"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mageni.net/1.3.6.1.4.1.25623.1.0.70545"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "simplesamlphp",
              "vendor": "simplesamlphp",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.13.1-2"
                }
              ]
            }
          ],
          "datePublic": "2012-02-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cryptography",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-06T14:53:31.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2011-4625"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.mageni.net/1.3.6.1.4.1.25623.1.0.70545"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2011-4625",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "simplesamlphp",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.13.1-2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "simplesamlphp"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cryptography"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security-tracker.debian.org/tracker/CVE-2011-4625",
                  "refsource": "MISC",
                  "url": "https://security-tracker.debian.org/tracker/CVE-2011-4625"
                },
                {
                  "name": "https://www.mageni.net/1.3.6.1.4.1.25623.1.0.70545",
                  "refsource": "MISC",
                  "url": "https://www.mageni.net/1.3.6.1.4.1.25623.1.0.70545"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-4625",
        "datePublished": "2019-11-06T14:53:31.000Z",
        "dateReserved": "2011-11-29T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:09:19.359Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-46491 (GCVE-0-2026-46491)

    Vulnerability from cvelistv5 – Published: 2026-06-09 23:00 – Updated: 2026-06-10 18:11
    VLAI
    Title
    SimpleSAMLphp casserver FileSystemTicketStore path traversal allows out-of-ticket-directory read/unserialize and conditional deletion
    Summary
    SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. Prior to version 7.0.3, simplesamlphp-module-casserver builds file paths for the file-based CAS ticket store by directly concatenating the configured ticket directory with an attacker-controlled ticket identifier. Public CAS validation/proxy endpoints pass attacker-controlled ticket / pgt query parameters into this store. In deployments using FileSystemTicketStore, a remote attacker can use path traversal sequences such as ../target.serialized to make the CAS server read and unserialize files outside the ticket directory. In the CAS 1.0 validation flow, the same attacker-selected path is also passed to deleteTicket() immediately after getTicket() returns, which can delete the target file when it is readable by the PHP process, deletable under the PHP process filesystem permissions, and unserializes to a value compatible with the ?array return type. This issue has been patched in version 7.0.3.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-46491",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T18:11:18.465035Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T18:11:30.420Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "simplesamlphp-module-casserver",
              "vendor": "simplesamlphp",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.0.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. Prior to version 7.0.3, simplesamlphp-module-casserver builds file paths for the file-based CAS ticket store by directly concatenating the configured ticket directory with an attacker-controlled ticket identifier. Public CAS validation/proxy endpoints pass attacker-controlled ticket / pgt query parameters into this store. In deployments using FileSystemTicketStore, a remote attacker can use path traversal sequences such as ../target.serialized to make the CAS server read and unserialize files outside the ticket directory. In the CAS 1.0 validation flow, the same attacker-selected path is also passed to deleteTicket() immediately after getTicket() returns, which can delete the target file when it is readable by the PHP process, deletable under the PHP process filesystem permissions, and unserializes to a value compatible with the ?array return type. This issue has been patched in version 7.0.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T23:00:11.313Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/simplesamlphp/simplesamlphp-module-casserver/security/advisories/GHSA-jrrg-99xh-5j2q",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/simplesamlphp/simplesamlphp-module-casserver/security/advisories/GHSA-jrrg-99xh-5j2q"
            },
            {
              "name": "https://github.com/simplesamlphp/simplesamlphp-module-casserver/commit/b84f3e4ed57c4d97e0dc73df102e7eff831a681f",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/simplesamlphp/simplesamlphp-module-casserver/commit/b84f3e4ed57c4d97e0dc73df102e7eff831a681f"
            },
            {
              "name": "https://github.com/simplesamlphp/simplesamlphp-module-casserver/releases/tag/v7.0.3",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/simplesamlphp/simplesamlphp-module-casserver/releases/tag/v7.0.3"
            }
          ],
          "source": {
            "advisory": "GHSA-jrrg-99xh-5j2q",
            "discovery": "UNKNOWN"
          },
          "title": "SimpleSAMLphp casserver FileSystemTicketStore path traversal allows out-of-ticket-directory read/unserialize and conditional deletion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-46491",
        "datePublished": "2026-06-09T23:00:11.313Z",
        "dateReserved": "2026-05-14T18:06:06.811Z",
        "dateUpdated": "2026-06-10T18:11:30.420Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-65954 (GCVE-0-2025-65954)

    Vulnerability from cvelistv5 – Published: 2026-05-18 19:57 – Updated: 2026-05-18 20:28
    VLAI
    Title
    SimpleSAMLphp-casserver has an Open Redirect vulnerability via logout
    Summary
    SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either (depending on configuration) redirects the browser there, or shows a "you've been logged out" page with a link to continue to that url. Impacted configs include 'enable_logout' => true, and 'skip_logout_page' -> true. This issue has been resolved in versions 6.3.1 and 7.0.0.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    Impacted products
    Vendor Product Version
    simplesamlphp simplesamlphp-module-casserver Affected: < 6.3.1
    Affected: >= 7.0.0-rc1, < 7.0.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-65954",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-18T20:27:41.760236Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-18T20:28:06.383Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/simplesamlphp/simplesamlphp-module-casserver/security/advisories/GHSA-cvrm-5hp6-h523"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "simplesamlphp-module-casserver",
              "vendor": "simplesamlphp",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 6.3.1"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 7.0.0-rc1,  \u003c 7.0.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either (depending on configuration) redirects the browser there, or shows a \"you\u0027ve been logged out\" page with a link to continue to that url. Impacted configs include \u0027enable_logout\u0027 =\u003e true, and \u0027skip_logout_page\u0027 -\u003e true. This issue has been resolved in versions 6.3.1 and 7.0.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-18T19:57:07.228Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/simplesamlphp/simplesamlphp-module-casserver/security/advisories/GHSA-cvrm-5hp6-h523",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/simplesamlphp/simplesamlphp-module-casserver/security/advisories/GHSA-cvrm-5hp6-h523"
            },
            {
              "name": "https://github.com/simplesamlphp/simplesamlphp-module-casserver/commit/0462f50f00b3bb300d83067d11b74146a57bb8e0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/simplesamlphp/simplesamlphp-module-casserver/commit/0462f50f00b3bb300d83067d11b74146a57bb8e0"
            },
            {
              "name": "https://github.com/simplesamlphp/simplesamlphp-module-casserver/commit/fb6c6f1c7b9e757c93c5c306e1d36405e64f6dc5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/simplesamlphp/simplesamlphp-module-casserver/commit/fb6c6f1c7b9e757c93c5c306e1d36405e64f6dc5"
            }
          ],
          "source": {
            "advisory": "GHSA-cvrm-5hp6-h523",
            "discovery": "UNKNOWN"
          },
          "title": "SimpleSAMLphp-casserver  has an Open Redirect vulnerability via logout"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-65954",
        "datePublished": "2026-05-18T19:57:07.228Z",
        "dateReserved": "2025-11-18T16:14:56.693Z",
        "dateUpdated": "2026-05-18T20:28:06.383Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32600 (GCVE-0-2026-32600)

    Vulnerability from cvelistv5 – Published: 2026-03-13 19:58 – Updated: 2026-03-16 14:03
    VLAI
    Title
    xml-security is Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption
    Summary
    xml-security is a library that implements XML signatures and encryption. Prior to versions 2.3.1 and 1.13.9, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover the GHASH key, and decrypt the encrypted nodes. It also allows to forge arbitrary ciphertexts without knowing the encryption key. This vulnerability is fixed in 2.3.1 and 1.13.9.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-354 - Improper Validation of Integrity Check Value
    Assigner
    Impacted products
    Vendor Product Version
    simplesamlphp xml-security Affected: >= 2.0.0, < 2.3.1
    Affected: < 1.13.9
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32600",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-16T14:01:30.383537Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-16T14:03:17.811Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "xml-security",
              "vendor": "simplesamlphp",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 2.0.0, \u003c 2.3.1"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.13.9"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "xml-security is a library that implements XML signatures and encryption. Prior to versions 2.3.1 and 1.13.9, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover the GHASH key, and decrypt the encrypted nodes. It also allows to forge arbitrary ciphertexts without knowing the encryption key. This vulnerability is fixed in 2.3.1 and 1.13.9."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-354",
                  "description": "CWE-354: Improper Validation of Integrity Check Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-16T12:28:57.720Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-r353-4845-pr5p",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-r353-4845-pr5p"
            },
            {
              "name": "https://github.com/simplesamlphp/xml-security/commit/cad6d57cf0a5a0b7e0cc4e4a5b18752e56eb1520",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/simplesamlphp/xml-security/commit/cad6d57cf0a5a0b7e0cc4e4a5b18752e56eb1520"
            },
            {
              "name": "https://github.com/simplesamlphp/xml-security/commit/fdc12449e959c610943f9fd428e95e3832d74c25",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/simplesamlphp/xml-security/commit/fdc12449e959c610943f9fd428e95e3832d74c25"
            }
          ],
          "source": {
            "advisory": "GHSA-r353-4845-pr5p",
            "discovery": "UNKNOWN"
          },
          "title": "xml-security is Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-32600",
        "datePublished": "2026-03-13T19:58:41.692Z",
        "dateReserved": "2026-03-12T14:54:24.269Z",
        "dateUpdated": "2026-03-16T14:03:17.811Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-27773 (GCVE-0-2025-27773)

    Vulnerability from cvelistv5 – Published: 2025-03-11 19:04 – Updated: 2025-05-09 20:03
    VLAI
    Title
    SimpleSAMLphp SAML2 library has incorrect signature verification for HTTP-Redirect binding
    Summary
    The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to accept an unsigned message. Versions 4.17.0 and 5.0.0-alpha.20 contain a fix for the issue.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Impacted products
    Vendor Product Version
    simplesamlphp saml2 Affected: < 4.17.0
    Affected: >= 5.0.0-alpha.1, < 5.0.0-alpha.20
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27773",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-11T19:26:31.017558Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-11T19:27:00.852Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-05-09T20:03:38.107Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00013.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "saml2",
              "vendor": "simplesamlphp",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 4.17.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 5.0.0-alpha.1, \u003c 5.0.0-alpha.20"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to accept an unsigned message. Versions 4.17.0 and 5.0.0-alpha.20 contain a fix for the issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347: Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-11T19:04:52.135Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/simplesamlphp/saml2/security/advisories/GHSA-46r4-f8gj-xg56",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/simplesamlphp/saml2/security/advisories/GHSA-46r4-f8gj-xg56"
            },
            {
              "name": "https://github.com/simplesamlphp/saml2/commit/7867d6099dc7f31bed1ea10e5bea159c5623d2a0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/simplesamlphp/saml2/commit/7867d6099dc7f31bed1ea10e5bea159c5623d2a0"
            },
            {
              "name": "https://github.com/simplesamlphp/saml2/blob/9545abd0d9d48388f2fa00469c5c1e0294f0303e/src/SAML2/HTTPRedirect.php#L104-L113",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/simplesamlphp/saml2/blob/9545abd0d9d48388f2fa00469c5c1e0294f0303e/src/SAML2/HTTPRedirect.php#L104-L113"
            },
            {
              "name": "https://github.com/simplesamlphp/saml2/blob/9545abd0d9d48388f2fa00469c5c1e0294f0303e/src/SAML2/HTTPRedirect.php#L178-L217",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/simplesamlphp/saml2/blob/9545abd0d9d48388f2fa00469c5c1e0294f0303e/src/SAML2/HTTPRedirect.php#L178-L217"
            }
          ],
          "source": {
            "advisory": "GHSA-46r4-f8gj-xg56",
            "discovery": "UNKNOWN"
          },
          "title": "SimpleSAMLphp SAML2 library has incorrect signature verification for HTTP-Redirect binding"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-27773",
        "datePublished": "2025-03-11T19:04:52.135Z",
        "dateReserved": "2025-03-06T18:06:54.460Z",
        "dateUpdated": "2025-05-09T20:03:38.107Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-52596 (GCVE-0-2024-52596)

    Vulnerability from cvelistv5 – Published: 2024-12-02 16:24 – Updated: 2024-12-02 18:36
    VLAI
    Title
    SimpleSAMLphp xml-common XXE vulnerability
    Summary
    SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-611 - Improper Restriction of XML External Entity Reference
    Assigner
    Impacted products
    Vendor Product Version
    simplesamlphp xml-common Affected: < 1.20.0
    Create a notification for this product.
    simplesamlphp xml-common Affected: 0 , < 1.20.0 (custom)
        cpe:2.3:a:simplesamlphp:xml-common:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-12-02T17:02:40.705Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00001.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:simplesamlphp:xml-common:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xml-common",
                "vendor": "simplesamlphp",
                "versions": [
                  {
                    "lessThan": "1.20.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52596",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-02T18:32:34.951320Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-02T18:36:23.399Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "xml-common",
              "vendor": "simplesamlphp",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.20.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an (untrusted) XML document, for example the SAMLResponse, it\u0027s possible to induce an XXE. This vulnerability is fixed in 1.19.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:L/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611: Improper Restriction of XML External Entity Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-02T16:24:49.591Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/simplesamlphp/xml-common/security/advisories/GHSA-2x65-fpch-2fcm",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/simplesamlphp/xml-common/security/advisories/GHSA-2x65-fpch-2fcm"
            },
            {
              "name": "https://github.com/simplesamlphp/xml-common/commit/fa4ade391c3194466acf5fbfd5d2ecdbf5e831f5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/simplesamlphp/xml-common/commit/fa4ade391c3194466acf5fbfd5d2ecdbf5e831f5"
            }
          ],
          "source": {
            "advisory": "GHSA-2x65-fpch-2fcm",
            "discovery": "UNKNOWN"
          },
          "title": "SimpleSAMLphp xml-common XXE vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-52596",
        "datePublished": "2024-12-02T16:24:49.591Z",
        "dateReserved": "2024-11-14T15:05:46.769Z",
        "dateUpdated": "2024-12-02T18:36:23.399Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-52806 (GCVE-0-2024-52806)

    Vulnerability from cvelistv5 – Published: 2024-12-02 16:18 – Updated: 2024-12-02 19:12
    VLAI
    Title
    SimpleSAMLphp SAML2 has an XXE in parsing SAML messages
    Summary
    SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-611 - Improper Restriction of XML External Entity Reference
    Assigner
    References
    Impacted products
    Vendor Product Version
    simplesamlphp saml2 Affected: < 4.6.14
    Affected: >= 5.0.0-alpha.1, < 5.0.0-alpha.18
    Create a notification for this product.
    simplesamlphp saml2 Affected: 0 , < 4.6.14 (custom)
    Affected: 0 , ≤ 5.0.0-alpha.1 (custom)
    Affected: 0 , < 5.0.0-alpha.18 (custom)
        cpe:2.3:a:simplesamlphp:saml2:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:simplesamlphp:saml2:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "saml2",
                "vendor": "simplesamlphp",
                "versions": [
                  {
                    "lessThan": "4.6.14",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "5.0.0-alpha.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "5.0.0-alpha.18",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52806",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-02T19:10:45.941998Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-02T19:12:33.197Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "saml2",
              "vendor": "simplesamlphp",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 4.6.14"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 5.0.0-alpha.1, \u003c 5.0.0-alpha.18"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it\u0027s possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611: Improper Restriction of XML External Entity Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-02T16:18:43.485Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/simplesamlphp/saml2/security/advisories/GHSA-pxm4-r5ph-q2m2",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/simplesamlphp/saml2/security/advisories/GHSA-pxm4-r5ph-q2m2"
            },
            {
              "name": "https://github.com/simplesamlphp/saml2/commit/5fd4ce4596656fb0c1278f15b8305825412e89f7",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/simplesamlphp/saml2/commit/5fd4ce4596656fb0c1278f15b8305825412e89f7"
            }
          ],
          "source": {
            "advisory": "GHSA-pxm4-r5ph-q2m2",
            "discovery": "UNKNOWN"
          },
          "title": "SimpleSAMLphp SAML2 has an XXE in parsing SAML messages"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-52806",
        "datePublished": "2024-12-02T16:18:43.485Z",
        "dateReserved": "2024-11-15T17:11:13.442Z",
        "dateUpdated": "2024-12-02T19:12:33.197Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-49087 (GCVE-0-2023-49087)

    Vulnerability from cvelistv5 – Published: 2023-11-30 05:20 – Updated: 2024-08-02 21:46
    VLAI
    Title
    Validation of SignedInfo
    Summary
    xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML-document matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree (the one that contains the DigestValue) verifies and matches a trusted public key. If an attacker somehow (i.e. by exploiting a bug in PHP's canonicalization function) manages to manipulate the canonicalized version's DigestValue, it would be possible to forge the signature. This issue has been patched in version 1.6.12 and 5.0.0-alpha.13.
    CWE
    • CWE-345 - Insufficient Verification of Data Authenticity
    Assigner
    References
    Impacted products
    Vendor Product Version
    simplesamlphp xml-security Affected: = 1.6.11
    Affected: = 5.0.0-alpha.12
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:46:29.195Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-ww7x-3gxh-qm6r",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-ww7x-3gxh-qm6r"
              },
              {
                "name": "https://github.com/simplesamlphp/xml-security/commit/f509e3083dd7870cce5880c804b5122317287581",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/simplesamlphp/xml-security/commit/f509e3083dd7870cce5880c804b5122317287581"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "xml-security",
              "vendor": "simplesamlphp",
              "versions": [
                {
                  "status": "affected",
                  "version": "= 1.6.11"
                },
                {
                  "status": "affected",
                  "version": "= 5.0.0-alpha.12"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML-document matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree (the one that contains the DigestValue) verifies and matches a trusted public key. If an attacker somehow (i.e. by exploiting a bug in PHP\u0027s canonicalization function) manages to manipulate the canonicalized version\u0027s DigestValue, it would be possible to forge the signature. This issue has been patched in version 1.6.12 and 5.0.0-alpha.13."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-345",
                  "description": "CWE-345: Insufficient Verification of Data Authenticity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-30T05:20:28.298Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-ww7x-3gxh-qm6r",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-ww7x-3gxh-qm6r"
            },
            {
              "name": "https://github.com/simplesamlphp/xml-security/commit/f509e3083dd7870cce5880c804b5122317287581",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/simplesamlphp/xml-security/commit/f509e3083dd7870cce5880c804b5122317287581"
            }
          ],
          "source": {
            "advisory": "GHSA-ww7x-3gxh-qm6r",
            "discovery": "UNKNOWN"
          },
          "title": "Validation of SignedInfo"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2023-49087",
        "datePublished": "2023-11-30T05:20:28.298Z",
        "dateReserved": "2023-11-21T18:57:30.429Z",
        "dateUpdated": "2024-08-02T21:46:29.195Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-10008 (GCVE-0-2010-10008)

    Vulnerability from cvelistv5 – Published: 2023-01-17 07:35 – Updated: 2024-11-25 16:35 Unsupported When Assigned
    VLAI
    Title
    simplesamlphp simplesamlphp-module-openidprovider trust.tpl.php cross site scripting
    Summary
    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in simplesamlphp simplesamlphp-module-openidprovider up to 0.8.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file templates/trust.tpl.php. The manipulation of the argument StateID leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.9.0 is able to address this issue. The identifier of the patch is 8365d48c863cf06ccf1465cc0a161cefae29d69d. It is recommended to upgrade the affected component. The identifier VDB-218473 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross Site Scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    simplesamlphp simplesamlphp-module-openidprovider Affected: 0.1
    Affected: 0.2
    Affected: 0.3
    Affected: 0.4
    Affected: 0.5
    Affected: 0.6
    Affected: 0.7
    Affected: 0.8
    Create a notification for this product.
    Credits
    VulDB GitHub Commit Analyzer
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:17:10.297Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.218473"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.218473"
              },
              {
                "tags": [
                  "patch",
                  "x_transferred"
                ],
                "url": "https://github.com/simplesamlphp/simplesamlphp-module-openidprovider/commit/8365d48c863cf06ccf1465cc0a161cefae29d69d"
              },
              {
                "tags": [
                  "patch",
                  "x_transferred"
                ],
                "url": "https://github.com/simplesamlphp/simplesamlphp-module-openidprovider/releases/tag/v0.9.0"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2010-10008",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-29T17:02:13.966285Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-25T16:35:21.618Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "simplesamlphp-module-openidprovider",
              "vendor": "simplesamlphp",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.1"
                },
                {
                  "status": "affected",
                  "version": "0.2"
                },
                {
                  "status": "affected",
                  "version": "0.3"
                },
                {
                  "status": "affected",
                  "version": "0.4"
                },
                {
                  "status": "affected",
                  "version": "0.5"
                },
                {
                  "status": "affected",
                  "version": "0.6"
                },
                {
                  "status": "affected",
                  "version": "0.7"
                },
                {
                  "status": "affected",
                  "version": "0.8"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "tool",
              "value": "VulDB GitHub Commit Analyzer"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in simplesamlphp simplesamlphp-module-openidprovider up to 0.8.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file templates/trust.tpl.php. The manipulation of the argument StateID leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.9.0 is able to address this issue. The identifier of the patch is 8365d48c863cf06ccf1465cc0a161cefae29d69d. It is recommended to upgrade the affected component. The identifier VDB-218473 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
            },
            {
              "lang": "de",
              "value": "In simplesamlphp simplesamlphp-module-openidprovider bis 0.8.x wurde eine problematische Schwachstelle ausgemacht. Dabei geht es um eine nicht genauer bekannte Funktion der Datei templates/trust.tpl.php. Mit der Manipulation des Arguments StateID mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 0.9.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 8365d48c863cf06ccf1465cc0a161cefae29d69d bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-12T08:25:41.420Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.218473"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.218473"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/simplesamlphp/simplesamlphp-module-openidprovider/commit/8365d48c863cf06ccf1465cc0a161cefae29d69d"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/simplesamlphp/simplesamlphp-module-openidprovider/releases/tag/v0.9.0"
            }
          ],
          "tags": [
            "unsupported-when-assigned"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-01-17T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-01-17T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-01-17T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-02-09T10:31:57.000Z",
              "value": "VulDB last update"
            }
          ],
          "title": "simplesamlphp simplesamlphp-module-openidprovider trust.tpl.php cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2010-10008",
        "datePublished": "2023-01-17T07:35:29.073Z",
        "dateReserved": "2023-01-17T07:32:14.558Z",
        "dateUpdated": "2024-11-25T16:35:21.618Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-10004 (GCVE-0-2010-10004)

    Vulnerability from cvelistv5 – Published: 2023-01-09 07:15 – Updated: 2024-08-07 04:17
    VLAI
    Title
    Information Cards Module cross site scripting
    Summary
    A vulnerability was found in Information Cards Module on simpleSAMLphp and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.0 is able to address this issue. The identifier of the patch is f6bfea49ae16dc6e179df8306d39c3694f1ef186. It is recommended to upgrade the affected component. The identifier VDB-217661 was assigned to this vulnerability.
    CWE
    • CWE-79 - Cross Site Scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Information Cards Module Affected: n/a
    Credits
    VulDB GitHub Commit Analyzer
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:17:10.330Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.217661"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.217661"
              },
              {
                "tags": [
                  "patch",
                  "x_transferred"
                ],
                "url": "https://github.com/simplesamlphp/simplesamlphp-module-infocard/commit/f6bfea49ae16dc6e179df8306d39c3694f1ef186"
              },
              {
                "tags": [
                  "patch",
                  "x_transferred"
                ],
                "url": "https://github.com/simplesamlphp/simplesamlphp-module-infocard/releases/tag/v1.0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Information Cards Module",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "tool",
              "value": "VulDB GitHub Commit Analyzer"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Information Cards Module on simpleSAMLphp and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.0 is able to address this issue. The identifier of the patch is f6bfea49ae16dc6e179df8306d39c3694f1ef186. It is recommended to upgrade the affected component. The identifier VDB-217661 was assigned to this vulnerability."
            },
            {
              "lang": "de",
              "value": "Eine problematische Schwachstelle wurde in Information Cards Module f\u00fcr simpleSAMLphp gefunden. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion. Durch Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 1.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als f6bfea49ae16dc6e179df8306d39c3694f1ef186 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-12T08:22:01.887Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.217661"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.217661"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/simplesamlphp/simplesamlphp-module-infocard/commit/f6bfea49ae16dc6e179df8306d39c3694f1ef186"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/simplesamlphp/simplesamlphp-module-infocard/releases/tag/v1.0"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-01-09T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-01-09T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-01-09T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-01-30T10:20:26.000Z",
              "value": "VulDB last update"
            }
          ],
          "title": "Information Cards Module cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2010-10004",
        "datePublished": "2023-01-09T07:15:26.593Z",
        "dateReserved": "2023-01-09T07:15:11.985Z",
        "dateUpdated": "2024-08-07T04:17:10.330Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-10002 (GCVE-0-2010-10002)

    Vulnerability from cvelistv5 – Published: 2023-01-01 16:16 – Updated: 2024-08-07 04:17 Unsupported When Assigned
    VLAI
    Title
    SimpleSAMLphp simplesamlphp-module-openid OpenID consumer.php cross site scripting
    Summary
    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in SimpleSAMLphp simplesamlphp-module-openid. Affected is an unknown function of the file templates/consumer.php of the component OpenID Handler. The manipulation of the argument AuthState leads to cross site scripting. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.0 is able to address this issue. The patch is identified as d652d41ccaf8c45d5707e741c0c5d82a2365a9a3. It is recommended to upgrade the affected component. VDB-217170 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
    CWE
    • CWE-79 - Cross Site Scripting
    Assigner
    References
    Impacted products
    Credits
    VulDB GitHub Commit Analyzer
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:17:10.242Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.217170"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.217170"
              },
              {
                "tags": [
                  "patch",
                  "x_transferred"
                ],
                "url": "https://github.com/simplesamlphp/simplesamlphp-module-openid/commit/d652d41ccaf8c45d5707e741c0c5d82a2365a9a3"
              },
              {
                "tags": [
                  "patch",
                  "x_transferred"
                ],
                "url": "https://github.com/simplesamlphp/simplesamlphp-module-openid/releases/tag/v1.0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "OpenID Handler"
              ],
              "product": "simplesamlphp-module-openid",
              "vendor": "SimpleSAMLphp",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "tool",
              "value": "VulDB GitHub Commit Analyzer"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in SimpleSAMLphp simplesamlphp-module-openid. Affected is an unknown function of the file templates/consumer.php of the component OpenID Handler. The manipulation of the argument AuthState leads to cross site scripting. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.0 is able to address this issue. The patch is identified as d652d41ccaf8c45d5707e741c0c5d82a2365a9a3. It is recommended to upgrade the affected component. VDB-217170 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
            },
            {
              "lang": "de",
              "value": "Es wurde eine problematische Schwachstelle in SimpleSAMLphp simplesamlphp-module-openid entdeckt. Es betrifft eine unbekannte Funktion der Datei templates/consumer.php der Komponente OpenID Handler. Durch Manipulieren des Arguments AuthState mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen. Ein Aktualisieren auf die Version 1.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als d652d41ccaf8c45d5707e741c0c5d82a2365a9a3 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 2.6,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-12T08:19:35.363Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.217170"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.217170"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/simplesamlphp/simplesamlphp-module-openid/commit/d652d41ccaf8c45d5707e741c0c5d82a2365a9a3"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/simplesamlphp/simplesamlphp-module-openid/releases/tag/v1.0"
            }
          ],
          "tags": [
            "unsupported-when-assigned"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-01-01T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-01-01T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-01-01T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-01-26T18:36:06.000Z",
              "value": "VulDB last update"
            }
          ],
          "title": "SimpleSAMLphp simplesamlphp-module-openid OpenID consumer.php cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2010-10002",
        "datePublished": "2023-01-01T16:16:09.396Z",
        "dateReserved": "2023-01-01T16:14:33.539Z",
        "dateUpdated": "2024-08-07T04:17:10.242Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5301 (GCVE-0-2020-5301)

    Vulnerability from cvelistv5 – Published: 2020-04-21 19:50 – Updated: 2024-08-04 08:22
    VLAI
    Title
    Information disclosure of source code in SimpleSAMLphp
    Summary
    SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in `SimpleSAML\Module` that processes requests for pages hosted by modules, has code to identify paths ending with `.php` and process those as PHP code. If no other suitable way of handling the given path exists it presents the file to the browser. The check to identify paths ending with `.php` does not account for uppercase letters. If someone requests a path ending with e.g. `.PHP` and the server is serving the code from a case-insensitive file system, such as on Windows, the processing of the PHP code does not occur, and the source code is instead presented to the browser. An attacker may use this issue to gain access to the source code in third-party modules that is meant to be private, or even sensitive. However, the attack surface is considered small, as the attack will only work when SimpleSAMLphp serves such content from a file system that is not case-sensitive, such as on Windows. This issue is fixed in version 1.18.6.
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:22:09.096Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-24m3-w8g9-jwpq"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/simplesamlphp/simplesamlphp/commit/47968d26a2fd3ed52da70dc09210921d612ce44e"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "simplesamlphp",
              "vendor": "simplesamlphp",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.18.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in `SimpleSAML\\Module` that processes requests for pages hosted by modules, has code to identify paths ending with `.php` and process those as PHP code. If no other suitable way of handling the given path exists it presents the file to the browser. The check to identify paths ending with `.php` does not account for uppercase letters. If someone requests a path ending with e.g. `.PHP` and the server is serving the code from a case-insensitive file system, such as on Windows, the processing of the PHP code does not occur, and the source code is instead presented to the browser. An attacker may use this issue to gain access to the source code in third-party modules that is meant to be private, or even sensitive. However, the attack surface is considered small, as the attack will only work when SimpleSAMLphp serves such content from a file system that is not case-sensitive, such as on Windows. This issue is fixed in version 1.18.6."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-21T19:50:13.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-24m3-w8g9-jwpq"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/simplesamlphp/simplesamlphp/commit/47968d26a2fd3ed52da70dc09210921d612ce44e"
            }
          ],
          "source": {
            "advisory": "GHSA-24m3-w8g9-jwpq",
            "discovery": "UNKNOWN"
          },
          "title": "Information disclosure of source code in SimpleSAMLphp",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2020-5301",
              "STATE": "PUBLIC",
              "TITLE": "Information disclosure of source code in SimpleSAMLphp"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "simplesamlphp",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 1.18.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "simplesamlphp"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in `SimpleSAML\\Module` that processes requests for pages hosted by modules, has code to identify paths ending with `.php` and process those as PHP code. If no other suitable way of handling the given path exists it presents the file to the browser. The check to identify paths ending with `.php` does not account for uppercase letters. If someone requests a path ending with e.g. `.PHP` and the server is serving the code from a case-insensitive file system, such as on Windows, the processing of the PHP code does not occur, and the source code is instead presented to the browser. An attacker may use this issue to gain access to the source code in third-party modules that is meant to be private, or even sensitive. However, the attack surface is considered small, as the attack will only work when SimpleSAMLphp serves such content from a file system that is not case-sensitive, such as on Windows. This issue is fixed in version 1.18.6."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-24m3-w8g9-jwpq",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-24m3-w8g9-jwpq"
                },
                {
                  "name": "https://github.com/simplesamlphp/simplesamlphp/commit/47968d26a2fd3ed52da70dc09210921d612ce44e",
                  "refsource": "MISC",
                  "url": "https://github.com/simplesamlphp/simplesamlphp/commit/47968d26a2fd3ed52da70dc09210921d612ce44e"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-24m3-w8g9-jwpq",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2020-5301",
        "datePublished": "2020-04-21T19:50:13.000Z",
        "dateReserved": "2020-01-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:22:09.096Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5226 (GCVE-0-2020-5226)

    Vulnerability from cvelistv5 – Published: 2020-01-24 21:15 – Updated: 2024-08-04 08:22
    VLAI
    Title
    Cross-site scripting in SimpleSAMLphp
    Summary
    Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script allows error reports to be submitted and sent to the system administrator. Starting with SimpleSAMLphp 1.18.0, a new SimpleSAML\Utils\EMail class was introduced to handle sending emails, implemented as a wrapper of an external dependency. This new wrapper allows us to use Twig templates in order to create the email sent with an error report. Since Twig provides automatic escaping of variables, manual escaping of the free-text field in www/errorreport.php was removed to avoid double escaping. However, for those not using the new user interface yet, an email template is hardcoded into the class itself in plain PHP. Since no escaping is provided in this template, it is then possible to inject HTML inside the template by manually crafting the contents of the free-text field.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    simplesamlphp SimpleSAMLphp Affected: >= 1.18.0, < 1.18.4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:22:08.731Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-mj9p-v2r8-wf8w"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://simplesamlphp.org/security/202001-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SimpleSAMLphp",
              "vendor": "simplesamlphp",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.18.0, \u003c 1.18.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script allows error reports to be submitted and sent to the system administrator. Starting with SimpleSAMLphp 1.18.0, a new SimpleSAML\\Utils\\EMail class was introduced to handle sending emails, implemented as a wrapper of an external dependency. This new wrapper allows us to use Twig templates in order to create the email sent with an error report. Since Twig provides automatic escaping of variables, manual escaping of the free-text field in www/errorreport.php was removed to avoid double escaping. However, for those not using the new user interface yet, an email template is hardcoded into the class itself in plain PHP. Since no escaping is provided in this template, it is then possible to inject HTML inside the template by manually crafting the contents of the free-text field."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-24T21:15:15.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-mj9p-v2r8-wf8w"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://simplesamlphp.org/security/202001-01"
            }
          ],
          "source": {
            "advisory": "GHSA-mj9p-v2r8-wf8w",
            "discovery": "UNKNOWN"
          },
          "title": "Cross-site scripting in SimpleSAMLphp",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2020-5226",
              "STATE": "PUBLIC",
              "TITLE": "Cross-site scripting in SimpleSAMLphp"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SimpleSAMLphp",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003e= 1.18.0, \u003c 1.18.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "simplesamlphp"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script allows error reports to be submitted and sent to the system administrator. Starting with SimpleSAMLphp 1.18.0, a new SimpleSAML\\Utils\\EMail class was introduced to handle sending emails, implemented as a wrapper of an external dependency. This new wrapper allows us to use Twig templates in order to create the email sent with an error report. Since Twig provides automatic escaping of variables, manual escaping of the free-text field in www/errorreport.php was removed to avoid double escaping. However, for those not using the new user interface yet, an email template is hardcoded into the class itself in plain PHP. Since no escaping is provided in this template, it is then possible to inject HTML inside the template by manually crafting the contents of the free-text field."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-mj9p-v2r8-wf8w",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-mj9p-v2r8-wf8w"
                },
                {
                  "name": "https://simplesamlphp.org/security/202001-01",
                  "refsource": "MISC",
                  "url": "https://simplesamlphp.org/security/202001-01"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-mj9p-v2r8-wf8w",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2020-5226",
        "datePublished": "2020-01-24T21:15:15.000Z",
        "dateReserved": "2020-01-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:22:08.731Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5225 (GCVE-0-2020-5225)

    Vulnerability from cvelistv5 – Published: 2020-01-24 20:55 – Updated: 2024-08-04 08:22
    VLAI
    Title
    Log injection in SimpleSAMLphp
    Summary
    Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances, to inject new log lines by manually crafting this report ID. When configured to use the file logging handler, SimpleSAMLphp will output all its logs by appending each log line to a given file. Since the reportID parameter received in a request sent to www/errorreport.php was not properly sanitized, it was possible to inject newline characters into it, effectively allowing a malicious user to inject new log lines with arbitrary content.
    CWE
    • CWE-532 - Inclusion of Sensitive Information in Log Files
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:22:08.946Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-6gc6-m364-85ww"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://simplesamlphp.org/security/202001-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SimpleSAMLphp",
              "vendor": "simplesamlphp",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.18.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances, to inject new log lines by manually crafting this report ID. When configured to use the file logging handler, SimpleSAMLphp will output all its logs by appending each log line to a given file. Since the reportID parameter received in a request sent to www/errorreport.php was not properly sanitized, it was possible to inject newline characters into it, effectively allowing a malicious user to inject new log lines with arbitrary content."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532: Inclusion of Sensitive Information in Log Files",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-24T20:55:14.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-6gc6-m364-85ww"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://simplesamlphp.org/security/202001-02"
            }
          ],
          "source": {
            "advisory": "GHSA-6gc6-m364-85ww",
            "discovery": "UNKNOWN"
          },
          "title": "Log injection in SimpleSAMLphp",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2020-5225",
              "STATE": "PUBLIC",
              "TITLE": "Log injection in SimpleSAMLphp"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SimpleSAMLphp",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 1.18.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "simplesamlphp"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances, to inject new log lines by manually crafting this report ID. When configured to use the file logging handler, SimpleSAMLphp will output all its logs by appending each log line to a given file. Since the reportID parameter received in a request sent to www/errorreport.php was not properly sanitized, it was possible to inject newline characters into it, effectively allowing a malicious user to inject new log lines with arbitrary content."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-532: Inclusion of Sensitive Information in Log Files"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-6gc6-m364-85ww",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-6gc6-m364-85ww"
                },
                {
                  "name": "https://simplesamlphp.org/security/202001-02",
                  "refsource": "MISC",
                  "url": "https://simplesamlphp.org/security/202001-02"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-6gc6-m364-85ww",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2020-5225",
        "datePublished": "2020-01-24T20:55:14.000Z",
        "dateReserved": "2020-01-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:22:08.946Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3465 (GCVE-0-2019-3465)

    Vulnerability from cvelistv5 – Published: 2019-11-07 19:12 – Updated: 2024-08-04 19:12
    VLAI
    Summary
    Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message.
    Severity
    No CVSS data available.
    CWE
    • Improper Verification of Cryptographic Signature
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Rob Richards XmlSecLibs Affected: All versions prior to version 3.0.3
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.411Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20191106 [SECURITY] [DLA 1983-1] simplesamlphp security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00003.html"
              },
              {
                "name": "20191106 [SECURITY] [DSA 4560-1] simplesamlphp security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Nov/8"
              },
              {
                "name": "DSA-4560",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2019/dsa-4560"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/robrichards/xmlseclibs/commit/0a53d3c3aa87564910cae4ed01416441d3ae0db5"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://simplesamlphp.org/security/201911-01"
              },
              {
                "name": "FEDORA-2019-9a960c8a98",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AB34ILMJ67CUROBOR6YPKB46VHXLOAJ4/"
              },
              {
                "name": "FEDORA-2019-81f61cdceb",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAWOVYLZKYDCQBLQEJCFAAD3KQTBPHXE/"
              },
              {
                "name": "FEDORA-2019-be01267416",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ESKJTWLE7QZBQ3EKMYXKMBQG3JDEJWM6/"
              },
              {
                "name": "FEDORA-2019-73d0fe1d15",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KID7C4AZPYYIZQIPSLANP4R2RQR6YK3/"
              },
              {
                "name": "FEDORA-2019-dc90bf093b",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XBSSRV5Q7JFCYO46A3EN624UZ4KXFQ2M/"
              },
              {
                "name": "FEDORA-2019-ec8719a21c",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HBE2SJSXG7J4XYLJ2H6HC2VPPOG2OMUN/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2019-09"
              },
              {
                "name": "FEDORA-2020-1b95d7a131",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BNFMY5RRLU63P25HEBVDO5KAVI7TX7JV/"
              },
              {
                "name": "FEDORA-2020-46d0f456a9",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BBKVDUZ7G5ZOUO4BFJWLNJ6VOKBQJX5U/"
              },
              {
                "name": "FEDORA-2020-af82229ae5",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCSR3V6LNWJAD37VQB6M2K7P4RQSCVFG/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Rob Richards XmlSecLibs",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to version 3.0.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-25T04:06:13.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20191106 [SECURITY] [DLA 1983-1] simplesamlphp security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00003.html"
            },
            {
              "name": "20191106 [SECURITY] [DSA 4560-1] simplesamlphp security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Nov/8"
            },
            {
              "name": "DSA-4560",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4560"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/robrichards/xmlseclibs/commit/0a53d3c3aa87564910cae4ed01416441d3ae0db5"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://simplesamlphp.org/security/201911-01"
            },
            {
              "name": "FEDORA-2019-9a960c8a98",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AB34ILMJ67CUROBOR6YPKB46VHXLOAJ4/"
            },
            {
              "name": "FEDORA-2019-81f61cdceb",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAWOVYLZKYDCQBLQEJCFAAD3KQTBPHXE/"
            },
            {
              "name": "FEDORA-2019-be01267416",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ESKJTWLE7QZBQ3EKMYXKMBQG3JDEJWM6/"
            },
            {
              "name": "FEDORA-2019-73d0fe1d15",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KID7C4AZPYYIZQIPSLANP4R2RQR6YK3/"
            },
            {
              "name": "FEDORA-2019-dc90bf093b",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XBSSRV5Q7JFCYO46A3EN624UZ4KXFQ2M/"
            },
            {
              "name": "FEDORA-2019-ec8719a21c",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HBE2SJSXG7J4XYLJ2H6HC2VPPOG2OMUN/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2019-09"
            },
            {
              "name": "FEDORA-2020-1b95d7a131",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BNFMY5RRLU63P25HEBVDO5KAVI7TX7JV/"
            },
            {
              "name": "FEDORA-2020-46d0f456a9",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BBKVDUZ7G5ZOUO4BFJWLNJ6VOKBQJX5U/"
            },
            {
              "name": "FEDORA-2020-af82229ae5",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCSR3V6LNWJAD37VQB6M2K7P4RQSCVFG/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2019-3465",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Rob Richards XmlSecLibs",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to version 3.0.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Verification of Cryptographic Signature"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20191106 [SECURITY] [DLA 1983-1] simplesamlphp security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00003.html"
                },
                {
                  "name": "20191106 [SECURITY] [DSA 4560-1] simplesamlphp security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Nov/8"
                },
                {
                  "name": "DSA-4560",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2019/dsa-4560"
                },
                {
                  "name": "https://github.com/robrichards/xmlseclibs/commit/0a53d3c3aa87564910cae4ed01416441d3ae0db5",
                  "refsource": "MISC",
                  "url": "https://github.com/robrichards/xmlseclibs/commit/0a53d3c3aa87564910cae4ed01416441d3ae0db5"
                },
                {
                  "name": "https://simplesamlphp.org/security/201911-01",
                  "refsource": "MISC",
                  "url": "https://simplesamlphp.org/security/201911-01"
                },
                {
                  "name": "FEDORA-2019-9a960c8a98",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AB34ILMJ67CUROBOR6YPKB46VHXLOAJ4/"
                },
                {
                  "name": "FEDORA-2019-81f61cdceb",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MAWOVYLZKYDCQBLQEJCFAAD3KQTBPHXE/"
                },
                {
                  "name": "FEDORA-2019-be01267416",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ESKJTWLE7QZBQ3EKMYXKMBQG3JDEJWM6/"
                },
                {
                  "name": "FEDORA-2019-73d0fe1d15",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KID7C4AZPYYIZQIPSLANP4R2RQR6YK3/"
                },
                {
                  "name": "FEDORA-2019-dc90bf093b",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBSSRV5Q7JFCYO46A3EN624UZ4KXFQ2M/"
                },
                {
                  "name": "FEDORA-2019-ec8719a21c",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HBE2SJSXG7J4XYLJ2H6HC2VPPOG2OMUN/"
                },
                {
                  "name": "https://www.tenable.com/security/tns-2019-09",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2019-09"
                },
                {
                  "name": "FEDORA-2020-1b95d7a131",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BNFMY5RRLU63P25HEBVDO5KAVI7TX7JV/"
                },
                {
                  "name": "FEDORA-2020-46d0f456a9",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BBKVDUZ7G5ZOUO4BFJWLNJ6VOKBQJX5U/"
                },
                {
                  "name": "FEDORA-2020-af82229ae5",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCSR3V6LNWJAD37VQB6M2K7P4RQSCVFG/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2019-3465",
        "datePublished": "2019-11-07T19:12:33.000Z",
        "dateReserved": "2018-12-31T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:12:09.411Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-4625 (GCVE-0-2011-4625)

    Vulnerability from cvelistv5 – Published: 2019-11-06 14:53 – Updated: 2024-08-07 00:09
    VLAI
    Summary
    simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages.
    Severity
    No CVSS data available.
    CWE
    • Cryptography
    Assigner
    References
    Impacted products
    Date Public
    2012-02-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:09:19.359Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2011-4625"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mageni.net/1.3.6.1.4.1.25623.1.0.70545"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "simplesamlphp",
              "vendor": "simplesamlphp",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.13.1-2"
                }
              ]
            }
          ],
          "datePublic": "2012-02-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cryptography",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-06T14:53:31.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2011-4625"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.mageni.net/1.3.6.1.4.1.25623.1.0.70545"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2011-4625",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "simplesamlphp",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.13.1-2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "simplesamlphp"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cryptography"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security-tracker.debian.org/tracker/CVE-2011-4625",
                  "refsource": "MISC",
                  "url": "https://security-tracker.debian.org/tracker/CVE-2011-4625"
                },
                {
                  "name": "https://www.mageni.net/1.3.6.1.4.1.25623.1.0.70545",
                  "refsource": "MISC",
                  "url": "https://www.mageni.net/1.3.6.1.4.1.25623.1.0.70545"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-4625",
        "datePublished": "2019-11-06T14:53:31.000Z",
        "dateReserved": "2011-11-29T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:09:19.359Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }