Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-5225

Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances, to inject new log lines by manually crafting this report ID. When configured to use the file logging handler, SimpleSAMLphp will output all its logs by appending each log line to a given file. Since the reportID parameter received in a request sent to www/errorreport.php was not properly sanitized, it was possible to inject newline characters into it, effectively allowing a malicious user to inject new log lines with arbitrary content.

Published

2020-01-24T21:15:14.987

Last Modified

2024-11-21T05:33:42.910

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.4 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.0

Impact Score

4.9

Weaknesses

Type: Secondary
CWE-532
Type: Primary
CWE-532

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	simplesamlphp	simplesamlphp	< 1.18.4	Yes

References

https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-6gc6-m364-85ww Third Party Advisory ([email protected])
https://simplesamlphp.org/security/202001-02 Vendor Advisory ([email protected])
https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-6gc6-m364-85ww Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://simplesamlphp.org/security/202001-02 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)