Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.13 views

CVE-2026-46491

SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. Prior to version 7.0.3, simplesamlphp-module-casserver builds file paths for the file-based CAS ticket store by directly concatenating the configured ticket directory with an attacker-controll...

8.6CVSS5.5AI score0.00422EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 12:16 a.m.11 views

CVE-2026-46491

SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. Prior to version 7.0.3, simplesamlphp-module-casserver builds file paths for the file-based CAS ticket store by directly concatenating the configured ticket directory with an attacker-controll...

8.6CVSS0.00422EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 11:0 p.m.9 views

EUVD-2026-35871

SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. Prior to version 7.0.3, simplesamlphp-module-casserver builds file paths for the file-based CAS ticket store by directly concatenating the configured ticket directory with an attacker-controll...

8.6CVSS5.5AI score0.00422EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 11:0 p.m.7 views

CVE-2026-46491 SimpleSAMLphp casserver FileSystemTicketStore path traversal allows out-of-ticket-directory read/unserialize and conditional deletion

SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. Prior to version 7.0.3, simplesamlphp-module-casserver builds file paths for the file-based CAS ticket store by directly concatenating the configured ticket directory with an attacker-controll...

8.6CVSS5.5AI score0.00422EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 11:0 p.m.21 views

CVE-2026-46491

CVE-2026-46491 affects the simplesamlphp-module-casserver when using the FileSystemTicketStore. A attacker-controlled ticket identifier is concatenated into the ticket path, enabling path traversal (e.g., ../target.serialized) to read and unserialize files outside the ticket directory. In the CAS...

8.6CVSS5.5AI score0.00422EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 11:0 p.m.33 views

CVE-2026-46491 SimpleSAMLphp casserver FileSystemTicketStore path traversal allows out-of-ticket-directory read/unserialize and conditional deletion

SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. Prior to version 7.0.3, simplesamlphp-module-casserver builds file paths for the file-based CAS ticket store by directly concatenating the configured ticket directory with an attacker-controll...

8.6CVSS0.00422EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/15 6:7 p.m.9 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the FileSystemTicketStore process. An attacker can read and unserialize files outside the intended directory, and conditionally delete files, by supplying crafted path traversal sequences in public CAS validation...

8.8CVSS6.3AI score0.00422EPSS
Exploits0References2
OSV
OSV
added 2026/05/15 6:7 p.m.7 views

GHSA-JRRG-99XH-5J2Q SimpleSAMLphp casserver FileSystemTicketStore path traversal allows out-of-ticket-directory read/unserialize and conditional deletion

Summary simplesamlphp-module-casserver builds file paths for the file-based CAS ticket store by directly concatenating the configured ticket directory with an attacker-controlled ticket identifier. Public CAS validation/proxy endpoints pass attacker-controlled ticket / pgt query parameters into...

8.6CVSS5.8AI score0.00422EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.12 views

PT-2026-41399

Name of the Vulnerable Software and Affected Versions simplesamlphp-module-casserver versions prior to 7.0.3 Description The software builds file paths for the file-based CAS ticket store by directly concatenating the configured ticket directory with an attacker-controlled ticket identifier. Publ...

8.6CVSS5.5AI score0.00422EPSS
Exploits0References6
Rows per page
Query Builder