582 matches found

Positive Technologies
added 2024/12/02 12:00 a.m. · 5 views

PT-2024-35392 · Unknown · Simplesamlphp

Name of the Vulnerable Software and Affected Versions: SimpleSAMLphp xml-common versions prior to 1.19.0. Description: The issue arises when loading an untrusted XML document, such as the SAMLResponse, allowing an attacker to induce an XML External Entity (XXE) attack. This could potentially enable ...

CVSS 8.8 · AI score 7.7 · EPSS 0.00966
Exploits 0 · References 28

OSV
added 2024/12/02 12:00 a.m. · 15 views

DSA-5822-1 simplesamlphp - security update

Bulletin has no description...

CVSS 8.8 · AI score 8.1 · EPSS 0.00966
Exploits 0

Tenable Nessus
added 2024/12/02 12:00 a.m. · 5 views

Debian dsa-5822 : simplesamlphp - security update

The remote Debian 12 host has a package installed that is affected by a vulnerability as referenced in the dsa-5822 advisory. Debian Security Advisory DSA-5822-1 [email protected] https://www.debian.org/security/...

CVSS 8.8 · AI score 5.5 · EPSS 0.00966
Exploits 0 · References 4

OSV
added 2024/12/02 12:00 a.m. · 9 views

DLA-3981-1 simplesamlphp - security update

Bulletin has no description...

CVSS 8.8 · AI score 8.1 · EPSS 0.00966
Exploits 0

Tenable Nessus
added 2024/12/02 12:00 a.m. · 3 views

Debian dla-3981 : simplesamlphp - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-3981 advisory. Debian LTS Advisory DLA-3981-1 [email protected] https://www.debian.org/lts/security/...

CVSS 8.8 · AI score 5.5 · EPSS 0.00966
Exploits 0 · References 4

Veracode
added 2024/06/03 8:52 a.m. · 10 views

Insufficiently Protected Credentials

SimpleSAMLphp is vulnerable to Insufficiently Protected Credentials. The vulnerability is due to credentials being insecurely saved to the user's session state when the ECP profile is disabled but supported in the Identity Provider's metadata, which could result in an attacker with administrator...

AI score 7
Exploits 0

Veracode
added 2024/06/03 8:31 a.m. · 8 views

Cross-site Scripting (XSS)

SimpleSAMLphp is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to unvalidated metadata endpoints, allowing malicious parties to substitute URLs with JavaScript code, leading to execution of the code in the user's browser if strict Content Security Policies are not enforced...

AI score 6.8
Exploits 0

Veracode
added 2024/05/31 5:14 a.m. · 11 views

Information Disclosure

simplesamlphp/simplesamlphp is vulnerable to Information Disclosure. The vulnerability is due to insufficient access controls on the admin interface endpoint, allowing unauthenticated users to view sensitive information about the host where SimpleSAMLphp is installed...

AI score 6.6
Exploits 0

Veracode
added 2024/05/30 6:30 a.m. · 11 views

Open Redirect

simplesamlphp/simplesamlphp is vulnerable to Open Redirect. The vulnerability is due to improper validation of URLs in request parameters, allowing an attacker to redirect a user to a malicious site...

AI score 6.9
Exploits 0

OSV
added 2024/05/28 9:26 p.m. · 23 views

GHSA-PPM4-R2VC-PG74 SimpleSAMLphp Information Disclosure vulnerability

Background: SimpleSAMLphp 1.17 includes a preview of the new user interface to be included in the future version 2.0. This new user interface can be enabled by setting the usenewui configuration option to true, and it includes a new admin interface in a module called admin, which can be disabled...

CVSS 5.9 · AI score 6.8
Exploits 0 · References 3

Github Security Blog
added 2024/05/28 9:26 p.m. · 21 views

SimpleSAMLphp Information Disclosure vulnerability

Background: SimpleSAMLphp 1.17 includes a preview of the new user interface to be included in the future version 2.0. This new user interface can be enabled by setting the usenewui configuration option to true, and it includes a new admin interface in a module called admin, which can be disabled...

AI score 6.8
Exploits 0 · References 4 · Affected Software 1

OSV
added 2024/05/28 8:55 p.m. · 5 views

GHSA-VPR3-CW3H-PRW8 SimpleSAMLphp Reflected Cross-site Scripting vulnerability

Background: SimpleSAMLphp uses metadata to determine how to interact with other SAML entities. This metadata includes what's called endpoints, which are URLs belonging to that entity where SAML messages can be sent. These URLs are used directly by SimpleSAMLphp when a message is sent, either via a...

CVSS 6.1 · AI score 6
Exploits 0 · References 4

Github Security Blog
added 2024/05/28 8:55 p.m. · 12 views

SimpleSAMLphp Reflected Cross-site Scripting vulnerability

Background: SimpleSAMLphp uses metadata to determine how to interact with other SAML entities. This metadata includes what's called endpoints, which are URLs belonging to that entity where SAML messages can be sent. These URLs are used directly by SimpleSAMLphp when a message is sent, either via a...

AI score 6
Exploits 0 · References 4 · Affected Software 1

OSV
added 2024/05/28 6:28 p.m. · 10 views

GHSA-7WH8-JRQ7-P27F SimpleSAMLphp exposes credentials in session storage

Background: In order to implement support for the SAML Enhanced Client or Proxy profile, the credentials obtained for authentication were stored in the state in order to pass them to the relevant routines. This, however, led to the credentials being recorded in the user's session, which can be...

CVSS 5.3 · AI score 7.3
Exploits 0 · References 4

Github Security Blog
added 2024/05/28 6:28 p.m. · 20 views

SimpleSAMLphp exposes credentials in session storage

Background: In order to implement support for the SAML Enhanced Client or Proxy profile, the credentials obtained for authentication were stored in the state in order to pass them to the relevant routines. This, however, led to the credentials being recorded in the user's session, which can be...

AI score 7.3
Exploits 0 · References 4 · Affected Software 1

OSV
added 2024/05/28 6:26 p.m. · 10 views

GHSA-V858-922F-FJ9V SimpleSAMLphp Link Injection vulnerability

Background: Several scripts that are part of SimpleSAMLphp display a web page with links obtained from the request parameters. This allows us to enhance usability, as the users are presented with links they can follow after completing a certain action, like logging out. Description: The following scripts we...

CVSS 5.4 · AI score 7
Exploits 0 · References 5

Github Security Blog
added 2024/05/28 6:26 p.m. · 10 views

SimpleSAMLphp Link Injection vulnerability

Background: Several scripts that are part of SimpleSAMLphp display a web page with links obtained from the request parameters. This allows us to enhance usability, as the users are presented with links they can follow after completing a certain action, like logging out. Description: The following scripts we...

AI score 7
Exploits 0 · References 5 · Affected Software 1

Positive Technologies
added 2024/05/28 12:00 a.m. · 3 views

PT-2024-40273 · Unknown · Simplesamlphp

Name of the Vulnerable Software and Affected Versions: SimpleSAMLphp versions prior to 1.14.17. Description: A signature validation bypass issue has been found in the SimpleSAML XML Validator class, which performs the verification of the XML digital signature of a SAML 1 message with a given key...

AI score 7.3
Exploits 0 · References 5

Positive Technologies
added 2024/05/28 12:00 a.m. · 3 views

PT-2024-40468 · Unknown · Simplesamlphp

Name of the Vulnerable Software and Affected Versions: SimpleSAMLphp versions prior to 1.14.4. Description: The issue allows attackers to display links targeting a malicious website inside a trusted site running SimpleSAMLphp, due to the lack of security checks involving the link href and retryURL...

CVSS 5.4 · AI score 7.2
Exploits 0 · References 6

Positive Technologies
added 2024/05/28 12:00 a.m. · 4 views

PT-2024-40484 · Unknown · Simplesamlphp

Name of the Vulnerable Software and Affected Versions: SimpleSAMLphp versions prior to 1.17.3. Description: The issue arises from SimpleSAMLphp's trust in metadata when sending SAML messages to other entities. If a malicious party alters the metadata to include JavaScript code in endpoint URLs,...

CVSS 6.1 · AI score 6.3
Exploits 0 · References 5