cvelistv5 - cve-2024-52596

CVE-2024-52596 (GCVE-0-2024-52596)

Vulnerability from cvelistv5 – Published: 2024-12-02 16:24 – Updated: 2024-12-02 18:36

Summary

SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0.

Severity ?

8.8 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:L/SI:L/SA:N

CWE

CWE-611 - Improper Restriction of XML External Entity Reference

Assigner

GitHub_M

References

URL

Tags

	https://github.com/simplesamlphp/xml-common/secur…	x_refsource_CONFIRM
	https://github.com/simplesamlphp/xml-common/commi…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	simplesamlphp	xml-common	Affected: < 1.20.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-12-02T17:02:40.705Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:simplesamlphp:xml-common:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "xml-common",
            "vendor": "simplesamlphp",
            "versions": [
              {
                "lessThan": "1.20.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52596",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-02T18:32:34.951320Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-02T18:36:23.399Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "xml-common",
          "vendor": "simplesamlphp",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.20.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an (untrusted) XML document, for example the SAMLResponse, it\u0027s possible to induce an XXE. This vulnerability is fixed in 1.19.0."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611: Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-02T16:24:49.591Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/simplesamlphp/xml-common/security/advisories/GHSA-2x65-fpch-2fcm",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/simplesamlphp/xml-common/security/advisories/GHSA-2x65-fpch-2fcm"
        },
        {
          "name": "https://github.com/simplesamlphp/xml-common/commit/fa4ade391c3194466acf5fbfd5d2ecdbf5e831f5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/simplesamlphp/xml-common/commit/fa4ade391c3194466acf5fbfd5d2ecdbf5e831f5"
        }
      ],
      "source": {
        "advisory": "GHSA-2x65-fpch-2fcm",
        "discovery": "UNKNOWN"
      },
      "title": "SimpleSAMLphp xml-common XXE vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-52596",
    "datePublished": "2024-12-02T16:24:49.591Z",
    "dateReserved": "2024-11-14T15:05:46.769Z",
    "dateUpdated": "2024-12-02T18:36:23.399Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an (untrusted) XML document, for example the SAMLResponse, it\u0027s possible to induce an XXE. This vulnerability is fixed in 1.19.0.\"}, {\"lang\": \"es\", \"value\": \" SimpleSAMLphp xml-common es una clase com\\u00fan para manejar estructuras XML. Al cargar un documento XML (no confiable), por ejemplo SAMLResponse, es posible inducir un XXE. Esta vulnerabilidad se solucion\\u00f3 en la versi\\u00f3n 1.19.0.\"}]",
      "id": "CVE-2024-52596",
      "lastModified": "2024-12-02T17:15:12.353",
      "metrics": "{\"cvssMetricV40\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"vulnerableSystemConfidentiality\": \"HIGH\", \"vulnerableSystemIntegrity\": \"NONE\", \"vulnerableSystemAvailability\": \"HIGH\", \"subsequentSystemConfidentiality\": \"LOW\", \"subsequentSystemIntegrity\": \"LOW\", \"subsequentSystemAvailability\": \"NONE\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NOT_DEFINED\", \"automatable\": \"NOT_DEFINED\", \"recovery\": \"NOT_DEFINED\", \"valueDensity\": \"NOT_DEFINED\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\"}}]}",
      "published": "2024-12-02T17:15:12.353",
      "references": "[{\"url\": \"https://github.com/simplesamlphp/xml-common/commit/fa4ade391c3194466acf5fbfd5d2ecdbf5e831f5\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/simplesamlphp/xml-common/security/advisories/GHSA-2x65-fpch-2fcm\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/12/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-611\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-52596\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-12-02T17:15:12.353\",\"lastModified\":\"2024-12-02T17:15:12.353\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an (untrusted) XML document, for example the SAMLResponse, it\u0027s possible to induce an XXE. This vulnerability is fixed in 1.19.0.\"},{\"lang\":\"es\",\"value\":\" SimpleSAMLphp xml-common es una clase com\u00fan para manejar estructuras XML. Al cargar un documento XML (no confiable), por ejemplo SAMLResponse, es posible inducir un XXE. Esta vulnerabilidad se solucion\u00f3 en la versi\u00f3n 1.19.0.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"LOW\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"}]}],\"references\":[{\"url\":\"https://github.com/simplesamlphp/xml-common/commit/fa4ade391c3194466acf5fbfd5d2ecdbf5e831f5\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/simplesamlphp/xml-common/security/advisories/GHSA-2x65-fpch-2fcm\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/12/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2024/12/msg00001.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-12-02T17:02:40.705Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-52596\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-02T18:32:34.951320Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:simplesamlphp:xml-common:*:*:*:*:*:*:*:*\"], \"vendor\": \"simplesamlphp\", \"product\": \"xml-common\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.20.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-02T18:36:17.532Z\"}}], \"cna\": {\"title\": \"SimpleSAMLphp xml-common XXE vulnerability\", \"source\": {\"advisory\": \"GHSA-2x65-fpch-2fcm\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:L/SI:L/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"simplesamlphp\", \"product\": \"xml-common\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.20.0\"}]}], \"references\": [{\"url\": \"https://github.com/simplesamlphp/xml-common/security/advisories/GHSA-2x65-fpch-2fcm\", \"name\": \"https://github.com/simplesamlphp/xml-common/security/advisories/GHSA-2x65-fpch-2fcm\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/simplesamlphp/xml-common/commit/fa4ade391c3194466acf5fbfd5d2ecdbf5e831f5\", \"name\": \"https://github.com/simplesamlphp/xml-common/commit/fa4ade391c3194466acf5fbfd5d2ecdbf5e831f5\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an (untrusted) XML document, for example the SAMLResponse, it\u0027s possible to induce an XXE. This vulnerability is fixed in 1.19.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-611\", \"description\": \"CWE-611: Improper Restriction of XML External Entity Reference\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-12-02T16:24:49.591Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-52596\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-02T18:36:23.399Z\", \"dateReserved\": \"2024-11-14T15:05:46.769Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-12-02T16:24:49.591Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-2X65-FPCH-2FCM

Vulnerability from github – Published: 2024-12-02 17:14 – Updated: 2024-12-12 22:19

Summary

SimpleSAMLphp xml-common XXE vulnerability

Details

Summary

When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE.

$options is defined as: https://github.com/simplesamlphp/xml-common/blob/v1.19.0/src/DOMDocumentFactory.php#L39 including the DTDLoad option, which allows an attacker to read file contents from local file system OR internal network.

While there is the NONET option, an attacker can simply bypass if by using PHP filters: php://filter/convert.base64-encode/resource=http://URL OR FILE

From there an attacker can induce network connections and steal the targeted file OOB (haven't fully tested this).

RCE may be possible with the php://expect or php://phar wrappers, but this hasn't been tested.

Note: The mitigation here: https://github.com/simplesamlphp/xml-common/blob/v1.19.0/src/DOMDocumentFactory.php#L58 Comes too late, as the XML has already been loaded into a document. Mitigation:

Remove the LIBXML_DTDLOAD | LIBXML_DTDATTR options. Additionally, as a defense in depth measure, check if there is the string: <!DOCTYPE inside the XML before parsing it. (This is not a complete fix because someone may be able to exploit some parser differentials, to load a DOCTYPE, maybe through spacing like: <! DOCTYPE)

Severity ?

8.8 (High)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:L/SI:L/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c 1.20"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "simplesamlphp/xml-common"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.20.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-52596"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-12-02T17:14:30Z",
    "nvd_published_at": "2024-12-02T17:15:12Z",
    "severity": "HIGH"
  },
  "details": "Summary\n\nWhen loading an (untrusted) XML document, for example the SAMLResponse, it\u0027s possible to induce an XXE.\n\n$options is defined as: https://github.com/simplesamlphp/xml-common/blob/v1.19.0/src/DOMDocumentFactory.php#L39\nincluding the DTDLoad option, which allows an attacker to read file contents from local file system OR internal network.\n\nWhile there is the NONET option, an attacker can simply bypass if by using PHP filters:\nphp://filter/convert.base64-encode/resource=http://URL OR FILE\n\nFrom there an attacker can induce network connections and steal the targeted file OOB (haven\u0027t fully tested this).\n\nRCE may be possible with the php://expect or php://phar wrappers, but this hasn\u0027t been tested.\n\nNote:\nThe mitigation here:\nhttps://github.com/simplesamlphp/xml-common/blob/v1.19.0/src/DOMDocumentFactory.php#L58\nComes too late, as the XML has already been loaded into a document.\nMitigation:\n\nRemove the LIBXML_DTDLOAD | LIBXML_DTDATTR options.\nAdditionally, as a defense in depth measure, check if there is the string: \u003c!DOCTYPE inside the XML before parsing it. (This is not a complete fix because someone may be able to exploit some parser differentials, to load a DOCTYPE, maybe through spacing like: \u003c! DOCTYPE)",
  "id": "GHSA-2x65-fpch-2fcm",
  "modified": "2024-12-12T22:19:57Z",
  "published": "2024-12-02T17:14:30Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/simplesamlphp/xml-common/security/advisories/GHSA-2x65-fpch-2fcm"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52596"
    },
    {
      "type": "WEB",
      "url": "https://github.com/simplesamlphp/xml-common/commit/fa4ade391c3194466acf5fbfd5d2ecdbf5e831f5"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/simplesamlphp/xml-common"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:L/SI:L/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "SimpleSAMLphp xml-common XXE vulnerability"
}

FKIE_CVE-2024-52596

Vulnerability from fkie_nvd - Published: 2024-12-02 17:15 - Updated: 2024-12-02 17:15

Severity ?

8.8 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:L/SI:L/SA:N

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/simplesamlphp/xml-common/commit/fa4ade391c3194466acf5fbfd5d2ecdbf5e831f5
	security-advisories@github.com	https://github.com/simplesamlphp/xml-common/security/advisories/GHSA-2x65-fpch-2fcm
	af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2024/12/msg00001.html

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an (untrusted) XML document, for example the SAMLResponse, it\u0027s possible to induce an XXE. This vulnerability is fixed in 1.19.0."
    },
    {
      "lang": "es",
      "value": " SimpleSAMLphp xml-common es una clase com\u00fan para manejar estructuras XML. Al cargar un documento XML (no confiable), por ejemplo SAMLResponse, es posible inducir un XXE. Esta vulnerabilidad se solucion\u00f3 en la versi\u00f3n 1.19.0."
    }
  ],
  "id": "CVE-2024-52596",
  "lastModified": "2024-12-02T17:15:12.353",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "LOW",
          "subIntegrityImpact": "LOW",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-12-02T17:15:12.353",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/simplesamlphp/xml-common/commit/fa4ade391c3194466acf5fbfd5d2ecdbf5e831f5"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/simplesamlphp/xml-common/security/advisories/GHSA-2x65-fpch-2fcm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00001.html"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-52596 (GCVE-0-2024-52596)

GHSA-2X65-FPCH-2FCM

FKIE_CVE-2024-52596

Tags

Sightings

Nomenclature