5.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
22.9%
Log injection in SimpleSAMLphp before version 1.18.4. The
www/erroreport.php script, which receives error reports and sends them via
email to the system administrator, did not properly sanitize the report
identifier obtained from the request. This allows an attacker, under
specific circumstances, to inject new log lines by manually crafting this
report ID. When configured to use the file logging handler, SimpleSAMLphp
will output all its logs by appending each log line to a given file. Since
the reportID parameter received in a request sent to www/errorreport.php
was not properly sanitized, it was possible to inject newline characters
into it, effectively allowing a malicious user to inject new log lines with
arbitrary content.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | simplesamlphp | < any | UNKNOWN |
ubuntu | 16.04 | noarch | simplesamlphp | < any | UNKNOWN |
5.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
22.9%