GHSA-2r3v-q9x3-7g46

Suggest an improvement
Source
https://github.com/advisories/GHSA-2r3v-q9x3-7g46
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/01/GHSA-2r3v-q9x3-7g46/GHSA-2r3v-q9x3-7g46.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-2r3v-q9x3-7g46
Published
2020-01-24T21:27:16Z
Modified
2024-12-01T05:38:18.893389Z
Severity
  • 3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
Link injection in SimpleSAMLphp
Details

Background

Several scripts part of SimpleSAMLphp display a web page with links obtained from the request parameters. This allows us to enhance usability, as the users are presented with links they can follow after completing a certain action, like logging out.

Description

The following scripts were not checking the URLs obtained via the HTTP request before displaying them as the target of links that the user may click on:

  • www/logout.php
  • modules/core/www/no_cookie.php

The issue allowed attackers to display links targeting a malicious website inside a trusted site running SimpleSAMLphp, due to the lack of security checks involving the link_href and retryURL HTTP parameters, respectively. The issue was resolved by including a verification of the URLs received in the request against a white list of websites specified in the trusted.url.domains configuration option.

Affected versions

All SimpleSAMLphp versions prior to 1.14.4.

Impact

A remote attacker could craft a link pointing to a trusted website running SimpleSAMLphp, including a parameter pointing to a malicious website, and try to fool the victim into visiting that website by clicking on a link in the page presented by SimpleSAMLphp.

Resolution

Upgrade to the latest version.

Credit

This security issue was discovered and reported by John Page (hyp3rlinx).

Database specific 
{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-74"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2020-01-24T21:15:56Z"
}
References

Affected packages

Packagist / simplesamlphp/simplesamlphp

Package

Name
simplesamlphp/simplesamlphp
Purl
pkg:composer/simplesamlphp/simplesamlphp

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.14.4

Affected versions

v1.*

v1.12.0
v1.13.0-rc1
v1.13.0-rc2
v1.13.0
v1.13.1
v1.13.2
v1.14.0-rc1
v1.14.0
v1.14.1
v1.14.2
v1.14.3