Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1xYzQzLTc4dmotdmc3cM4AATfU
SimpleSAMLphp Authentication context bypass in the multiauth module
The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input.
Permalink: https://github.com/advisories/GHSA-qc43-78vj-vg7pJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xYzQzLTc4dmotdmc3cM4AATfU
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: 10 days ago
CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Identifiers: GHSA-qc43-78vj-vg7p, CVE-2017-12869
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-12869
- https://lists.debian.org/debian-lts-announce/2017/12/msg00007.html
- https://simplesamlphp.org/security/201704-02
- https://www.debian.org/security/2018/dsa-4127
- https://github.com/FriendsOfPHP/security-advisories/blob/master/simplesamlphp/simplesamlphp/CVE-2017-12869.yaml
- https://github.com/simplesamlphp/simplesamlphp/blob/de98fc5bb663feea16686ae77958f759b4a7638d/docs/simplesamlphp-changelog-1.x.md?plain=1#L902C64-L902C79
- https://github.com/advisories/GHSA-qc43-78vj-vg7p
Blast Radius: 18.8
Affected Packages
packagist:simplesamlphp/simplesamlphp
Dependent packages: 163Dependent repositories: 318
Downloads: 8,356,560 total
Affected Version Ranges: < 1.14.14
Fixed in: 1.14.14
All affected versions: 1.12.0, 1.13.0, 1.13.1, 1.13.2, 1.14.0, 1.14.1, 1.14.2, 1.14.3, 1.14.4, 1.14.5, 1.14.6, 1.14.7, 1.14.8, 1.14.9, 1.14.10, 1.14.11, 1.14.12, 1.14.13
All unaffected versions: 1.14.14, 1.14.15, 1.14.16, 1.14.17, 1.15.0, 1.15.1, 1.15.2, 1.15.3, 1.15.4, 1.16.0, 1.16.1, 1.16.2, 1.16.3, 1.17.0, 1.17.1, 1.17.2, 1.17.3, 1.17.4, 1.17.5, 1.17.6, 1.17.7, 1.17.8, 1.18.0, 1.18.1, 1.18.2, 1.18.3, 1.18.4, 1.18.5, 1.18.6, 1.18.7, 1.18.8, 1.18.9, 1.19.0, 1.19.1, 1.19.2, 1.19.3, 1.19.4, 1.19.5, 1.19.6, 1.19.7, 1.19.8, 1.19.9, 2.0.0, 2.0.1, 2.0.2, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.2.0, 2.2.0, 2.2.1, 2.2.2, 99.99.99