Log Injection Affecting simplesamlphp/simplesamlphp package, versions <1.18.4


0.0
medium

Snyk CVSS

    Attack Complexity High
    User Interaction Required
    Scope Changed

    Threat Intelligence

    EPSS 0.05% (22nd percentile)
NVD
5.4 medium

  • Snyk ID SNYK-PHP-SIMPLESAMLPHPSIMPLESAMLPHP-543287
  • published 26 Jan 2020
  • disclosed 24 Jan 2020
  • credit Frederic Vleminckx

How to fix?

Upgrade simplesamlphp/simplesamlphp to version 1.18.4 or higher.

Overview

simplesamlphp/simplesamlphp is a PHP implementation of a SAML 2.0 service provider and identity provider, also compatible with Shibboleth 1.3 and 2.0.

Affected versions of this package are vulnerable to Log Injection. The www/errorreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances, to inject new log lines by manually crafting this report ID. When configured to use the file logging handler, SimpleSAMLphp writes its logs by appending each log line to a given file. Because the reportID parameter received in a request to www/errorreport.php was not properly sanitized, newline characters could be injected into it, allowing a malicious user to add new log lines with arbitrary content.
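
The following is an added example, not SimpleSAMLphp's code or its actual patch: it contrasts writing a request-supplied report ID to a file log unchanged with validating it first, and counts how many log lines each variant produces. The helper names, the log line layout and the 8-character lowercase-hex ID format are assumptions made for illustration.

```php
<?php
// Added illustration: helper names and the log line layout are hypothetical,
// not SimpleSAMLphp's own code.

// Allow-list check. The 8-character lowercase-hex format is an assumption.
// \A and \z anchor the whole string; "$" would still accept a trailing "\n".
function isValidReportId(string $id): bool
{
    return preg_match('/\A[0-9a-f]{8}\z/', $id) === 1;
}

// Defence in depth for any request-derived value: escape control bytes so
// a single event can never occupy more than one line in the log file.
function neutralizeForLog(string $value): string
{
    return (string) preg_replace_callback(
        '/[\x00-\x1f\x7f]/',
        function (array $m): string {
            return sprintf('\\x%02x', ord($m[0]));
        },
        $value
    );
}

// Before: the request value reaches the file log unchanged.
function logLineUnsafe(string $reportId): string
{
    return "[INFO] Error report with id " . $reportId . "\n";
}

// After: reject malformed IDs and record the rejected value in escaped form.
function logLineSafe(string $reportId): string
{
    if (!isValidReportId($reportId)) {
        return "[WARNING] Rejected reportID '" . neutralizeForLog($reportId) . "'\n";
    }
    return "[INFO] Error report with id " . $reportId . "\n";
}

// Constructed sample inputs: one well-formed ID, one carrying an embedded newline.
$samples = ['3f2a9c1e', "3f2a9c1e\n[NOTICE] constructed second line"];
foreach ($samples as $s) {
    printf(
        "unsafe: %d line(s)  safe: %d line(s)\n",
        substr_count(logLineUnsafe($s), "\n"),
        substr_count(logLineSafe($s), "\n")
    );
}
```

Log pipelines that cannot guarantee validated input at every call site can apply the same escaping step in the file handler itself, so that one logged event always maps to exactly one line.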